CVE-2025-6196 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-6196 Interim 1 2 2025-07-12T06:55:34Z current 2025-06-17T23:18:53Z 2025-07-12T06:55:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-6196 A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2025-July/040597.html E-Mail link for SUSE-SU-2025:02213-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040611.html E-Mail link for SUSE-SU-2025:02222-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 openSUSE Leap 15.6 libgepub-0_6-0-0.6.0-150200.3.5.1 libgepub-0_7-0-0.7.1-150600.3.5.1 libgepub-devel-0.7.1-150600.3.5.1 typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 typelib-1_0-Gepub-0_7-0.7.1-150600.3.5.1 libgepub-0_6-0-0.6.0-150200.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libgepub-0_7-0-0.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libgepub-devel-0.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 libgepub-0_6-0-0.6.0-150200.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libgepub-0_7-0-0.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libgepub-devel-0.7.1-150600.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libgepub-0_7-0-0.7.1-150600.3.5.1 as a component of openSUSE Leap 15.6 libgepub-devel-0.7.1-150600.3.5.1 as a component of openSUSE Leap 15.6 typelib-1_0-Gepub-0_7-0.7.1-150600.3.5.1 as a component of openSUSE Leap 15.6 A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service. CVE-2025-6196 SUSE Linux Enterprise Module for Package Hub 15 SP6:libgepub-0_6-0-0.6.0-150200.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libgepub-0_7-0-0.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:libgepub-devel-0.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgepub-0_6-0-0.6.0-150200.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgepub-0_7-0-0.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgepub-devel-0.7.1-150600.3.5.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:typelib-1_0-Gepub-0_6-0.6.0-150200.3.5.1 openSUSE Leap 15.6:libgepub-0_7-0-0.7.1-150600.3.5.1 openSUSE Leap 15.6:libgepub-devel-0.7.1-150600.3.5.1 openSUSE Leap 15.6:typelib-1_0-Gepub-0_7-0.7.1-150600.3.5.1 moderate 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H