Bug 2373147 (CVE-2025-6199)

Summary: CVE-2025-6199 gdk-pixbuf: Uninitialized Memory Disclosure in GdkPixbuf GIF LZW Decoder
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2373152, 2373153, 2373154, 2373155, 2373156, 2373157, 2373158, 2373159, 2373160, 2373161, 2373162, 2373163, 2373164, 2373165, 2373166, 2373167, 2373168, 2373169, 2373170    
Bug Blocks:    

Description OSIDB Bzimport 2025-06-17 12:03:55 UTC 
Information Disclosure via uninitialized heap memory exposure in GdkPixbuf’s GIF LZW decoder. Upon encountering an invalid LZW symbol, the decoder incorrectly returns the full buffer length instead of the number of decoded bytes written. This oversight leads to uninitialized memory regions in the output image. A crafted GIF can be used to leak memory contents by processing and then reading back the resulting pixbuf.