{"id":"AZL-65048","summary":"CVE-2025-7345 affecting package gdk-pixbuf2 for versions less than 2.40.0-8","details":"A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.","modified":"2026-04-21T04:32:39.063584Z","published":"2025-07-08T14:15:32Z","upstream":["CVE-2025-7345"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7345"}],"affected":[{"package":{"name":"gdk-pixbuf2","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/gdk-pixbuf2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.0-8"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65048.json"}}],"schema_version":"1.7.5"}