CVE-2025-6199

Name: CVE-2025-6199 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2025-6199

LOW

CVSS v3.1: 3.3 · EPSS: 0.0014 (4.0 percentile)

No privilegesInformation Exposure

Source data as of: 2026-06-26 05:02:17 UTC

At a glance

Severity: LOW
CVSS: 3.3 v3.1 · NVD
EPSS: 0.0014 (4.0 percentile) · FIRST.org
CISA KEV: No
Type: Information Exposure · NVD CWE
Attack conditions (CVSS vector): No privileges · Source: NVD Vector
Affected vendors: gnome
Published: 2025-06-17 · Modified: 2026-06-26
References: Jump to references (4)

CVSS / EPSS / KEV

CVSS v3.1 3.3 / 10 LOW Source: NVD

EPSS 0.0014 4.0 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.

Record details

CVE ID: CVE-2025-6199
CVSS (v3.1): 3.3 (LOW)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability subscore: 1.8
Impact subscore: 1.4
EPSS: 0.0014 (4.0 percentile) — 2026-06-26
CISA KEV: No
Weakness (CWE): CWE-200
Affected vendors: gnome
Affected configurations (CPE): 1
Published: 2025-06-17
Modified: 2026-06-26
Status: Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2025-6199

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year