Bug#1109262: CVE-2025-7345: gdk-pixbuf: heap buffer overflow in JPEGs with chunked ICC data

Sylvain Beucler beuc at beuc.net
Tue Jul 22 13:15:38 BST 2025


Hi,

On 14/07/2025 13:15, Simon McVittie wrote:
> I think we should probably leave this unfixed in stable and LTS for now,
> until we have a better idea of whether the regression is a real thing.
> cc -lts to warn off the LTS team from doing anything overzealous for now.
> 
> I am by no means an expert on either the gdk-pixbuf codebase, the finer
> points of JPEG parsing, or reproducing fuzzer-generated crashes in a
> more reasonable environment, so I would very much appreciate it if
> someone who is better at those topics (and ideally someone who can spend
> their paid time on it!) can take it from here.

Thanks for the heads-up. I somehow missed your e-mail during my 
front-desk shift last week and found it again by chance.

I added a note in dla-needed.txt referencing the need to hold off and 
the request for help.

Cheers!
Sylvain


