How to fix EUVD-2025-18505?

During next maintenance window: Apply vendor patches when convenient. Verify information disclosure controls are in place.

Is Ubuntu affected by EUVD-2025-18505?

CVE-2025-6199 is a low-severity vulnerability in A flaw involving information exposure (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

EUVD-2025-18505

| CVE-2025-6199 LOW

2025-06-17 [email protected]

3.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 22:15 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 22:15 euvd

EUVD-2025-18505

CVE Published

Jun 17, 2025 - 15:15 nvd

LOW 3.3

Description

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Analysis

Technical Context

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

Affected Products

Affected products: Gnome Gdkpixbuf 2.0.0

Remediation

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +16

POC: 0

Vendor Status

Ubuntu

Priority: Medium

gdk-pixbuf

Release	Status	Version
oracular	ignored	end of life, was needs-triage
bionic	released	2.36.11-2ubuntu0.1~esm2
focal	released	2.40.0+dfsg-3ubuntu0.5+esm1
jammy	released	2.42.8+dfsg-1ubuntu0.4
upstream	released	2.42.12+dfsg-4
noble	released	2.42.10+dfsg-3ubuntu3.2
plucky	released	2.42.12+dfsg-2ubuntu0.1
xenial	released	2.32.2-1ubuntu1.6+esm2
questing	released	2.42.12+dfsg-4build1

USN-7662-1

Debian

Bug #1107994

gdk-pixbuf

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.42.2+dfsg-1+deb11u3	-
bullseye (security)	fixed	2.42.2+dfsg-1+deb11u4	-
bookworm	fixed	2.42.10+dfsg-1+deb12u2	-
bookworm (security)	fixed	2.42.10+dfsg-1+deb12u2	-
trixie	fixed	2.42.12+dfsg-4	-
forky, sid	fixed	2.44.5+dfsg-4	-
(unstable)	fixed	2.42.12+dfsg-3	-

DLA-4225-1 DSA-5946-1

EUVD-2025-18505 vulnerability details – vuln.today

Back

EUVD-2025-18505

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-18505

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code