CVE-2025-7345: 
Alma Linux vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2025-7345) was discovered in gdk-pixbuf, specifically within the gdkpixbuf_jpegimageloadincrement function (io-jpeg.c) and glib's gbase64encodestep (glib/gbase64.c). The vulnerability was disclosed on July 8, 2025, affecting multiple versions of the GDK-PixBuf library across various Linux distributions (NVD, Snyk).

The vulnerability occurs when processing maliciously crafted JPEG images, where a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory. The issue has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-120 (Buffer Copy without Checking Size of Input) (NVD, Red Hat).

The vulnerability can potentially lead to application crashes or arbitrary code execution. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there is a high impact on availability, potentially resulting in total loss of availability to the impacted component (Snyk).

Fixed versions have been released for various Ubuntu distributions: Ubuntu 25.04 (2.42.12+dfsg-2ubuntu0.1), Ubuntu 24.04 LTS (2.42.10+dfsg-3ubuntu3.2), Ubuntu 22.04 LTS (2.42.8+dfsg-1ubuntu0.4), and Ubuntu 20.04 LTS (2.40.0+dfsg-3ubuntu0.5+esm1). Users are advised to update their systems to these versions or higher (Ubuntu).