CVE-2025-6196
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-08-12
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | libgepub | * |
| redhat | enterprise_linux | 7.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow in the libgepub library's EPUB archive parser. When processing a specially crafted EPUB file, a 64-bit file size value is incorrectly cast to a 32-bit signed integer, causing the size to wrap into a negative number. This negative value is then misinterpreted as a very large unsigned integer during memory allocation, leading to an attempt to allocate excessive memory. This allocation fails and causes the application to crash, resulting in a denial of service. [1]
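The narrowing described in the answer above, as an added C example that is not code from libgepub or from the advisory: the function names and the 64 MiB cap are assumptions, and the 2 GiB header value is constructed for the demonstration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on how large an archive entry we are willing to buffer
   (a constructed value for this example, not taken from libgepub). */
#define MAX_ENTRY_SIZE ((uint64_t)64 * 1024 * 1024)

/* Mirrors the flawed pattern described above: the 64-bit entry size is
   narrowed to a 32-bit signed int, and that int is then used as a size_t
   allocation length. Returns the byte count an allocator would be asked
   for; nothing is allocated here. */
size_t unsafe_alloc_request(uint64_t entry_size)
{
    int size = (int)entry_size;   /* high 32 bits dropped; may go negative */
    return (size_t)size;          /* negative int sign-extends to a huge size_t */
}

/* Hardened variant: reject oversized entries while the value is still
   64-bit, and only then narrow it. Returns true and sets *out on success. */
bool safe_alloc_request(uint64_t entry_size, size_t *out)
{
    if (entry_size > MAX_ENTRY_SIZE)
        return false;             /* caller treats the entry as malformed */
    *out = (size_t)entry_size;    /* fits: the cap is below SIZE_MAX on all targets */
    return true;
}

int main(void)
{
    /* Constructed header value: 2 GiB, which does not fit in a signed int. */
    uint64_t crafted = 0x80000000ULL;
    size_t want;

    printf("unsafe request for %llu bytes becomes %zu bytes\n",
           (unsigned long long)crafted, unsafe_alloc_request(crafted));
    if (!safe_alloc_request(crafted, &want))
        puts("hardened check rejects the entry before any allocation");

    /* The unsafe request is far beyond what malloc() can satisfy, which is
       the allocation-failure path the advisory describes. */
    void *p = malloc(unsafe_alloc_request(crafted));
    printf("malloc of the unsafe size %s\n", p ? "succeeded" : "returned NULL");
    free(p);
    return 0;
}
```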
How can this vulnerability impact me?
The vulnerability can cause applications using libgepub to crash when opening or processing maliciously crafted EPUB files. This can lead to denial of service, especially in desktop environments like Tumbler that may automatically process EPUB files when browsing directories. Although no direct remote attack vectors are confirmed, any application parsing user-supplied EPUB content with libgepub could be vulnerable to crashes and service interruptions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for application crashes or denial of service events in applications using libgepub, such as tumbler, especially when browsing directories containing EPUB files. There are no specific network detection commands provided. On the system, you can check for crashes or abnormal behavior when opening or browsing directories with EPUB files. Additionally, you can attempt to identify the presence of vulnerable libgepub versions by checking installed package versions. For example, on a Linux system, you might use commands like 'rpm -q libgepub' or 'dpkg -l | grep libgepub' to determine the installed version. However, no specific commands to detect exploitation attempts or crafted EPUB files are provided. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding browsing directories containing untrusted or suspicious EPUB files with applications using libgepub, such as tumbler. Updating libgepub and related applications to a patched version once available is recommended. If patching is not immediately possible, restricting user access to directories with untrusted EPUB files or disabling automatic thumbnailing or processing of EPUB files by desktop services like tumbler can reduce risk. [1]