CVE-2025-6196

Sažetak

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

Reference

https://access.redhat.com/security/cve/CVE-2025-6196
https://bugzilla.redhat.com/show_bug.cgi?id=2373117
https://gitlab.gnome.org/GNOME/libgepub/-/issues/18

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

17-06-2025 - 20:50

Objavljeno

17-06-2025 - 15:15