
CVE-2025-6199 – Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
https://notcve.org/view.php?id=CVE-2025-6199
17 Jun 2025 — A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result i... • https://access.redhat.com/security/cve/CVE-2025-6199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-6196 – Libgepub: integer overflow in libgepub's epub archive handling
https://notcve.org/view.php?id=CVE-2025-6196
17 Jun 2025 — A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnera... • https://access.redhat.com/security/cve/CVE-2025-6196 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-6020 – Linux-pam: linux-pam directory traversal
https://notcve.org/view.php?id=CVE-2025-6020
17 Jun 2025 — A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly handled user-controlled paths. In environments where pam_namespace is used, a local attacker could possibly use this issue to escalate their privileges to root. • https://access.redhat.com/security/cve/CVE-2025-6020 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2025-4404 – Freeipa: idm: privilege escalation from host to domain admin in freeipa
https://notcve.org/view.php?id=CVE-2025-4404
17 Jun 2025 — A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leadin... • https://access.redhat.com/errata/RHSA-2025:9184 • CWE-1220: Insufficient Granularity of Access Control •

CVE-2025-6019 – Libblockdev: lpe from allow_active to root in libblockdev via udisks
https://notcve.org/view.php?id=CVE-2025-6019
17 Jun 2025 — A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a l... • https://github.com/guinea-offensive-security/CVE-2025-6019 • CWE-250: Execution with Unnecessary Privileges •

CVE-2025-49177 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
https://notcve.org/view.php?id=CVE-2025-49177
17 Jun 2025 — A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-49175 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
https://notcve.org/view.php?id=CVE-2025-49175
17 Jun 2025 — A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. USN-7573-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Nils Emmerich discovered that the X.Org X Server incorrectly handled certain memory operations. • https://access.redhat.com/security/cve/CVE-2025-49175 • CWE-125: Out-of-bounds Read •

CVE-2025-49176 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
https://notcve.org/view.php?id=CVE-2025-49176
17 Jun 2025 — A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49176 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-49178 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
https://notcve.org/view.php?id=CVE-2025-49178
17 Jun 2025 — A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49178 • CWE-667: Improper Locking •

CVE-2025-49179 – Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
https://notcve.org/view.php?id=CVE-2025-49179
17 Jun 2025 — A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks. This update for xorg-x11-server fixes the following issues. Out-of-bounds access in X Rendering extension (Animated cursors). Integer overflow in Big Requests Extension. • https://access.redhat.com/security/cve/CVE-2025-49179 • CWE-190: Integer Overflow or Wraparound •