Many GTK applications use the gdk-pixbuf library, which has a vulnerability, to load graphical assets. The issue occurs when processing maliciously crafted JPEG images during Base64 encoding, leading to a heap buffer overflow. This problem affects two versions of gdk-pixbuf: 2.36.5-2+deb9u4 for Debian GNU/Linux 9 (Stretch) ELTS and 2.38.1+dfsg-1+deb10u2 for Debian GNU/Linux 10 (Buster) ELTS. The related CVE is CVE-2025-7345.

ELA-1570-1 gdk-pixbuf security update

ELA-1570-1 gdk-pixbuf security update

Package : gdk-pixbuf
Version : 2.36.5-2+deb9u4 (stretch), 2.38.1+dfsg-1+deb10u2 (buster)

Related CVEs :
CVE-2025-7345

A vulnerability was found in gdk-pixbuf, a library used by many GTK
applications to load graphical assets. When processing maliciously
crafted JPEG images, a heap buffer overflow can occur during Base64
encoding.

ELA-1570-1 gdk-pixbuf security update