CVE-2025-6196 Information

Description

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://access.redhat.com/security/cve/CVE-2025-6196
https://bugzilla.redhat.com/show_bug.cgi?id=2373117
https://gitlab.gnome.org/GNOME/libgepub/-/issues/18

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

5.5

Base Severity

MEDIUM

CNNVD-202506-2014 (Published: 2025-06-17)