CVE-2025-6196 is a medium severity vulnerability identified in libgepub, a library responsible for reading EPUB files. The vulnerability arises from an integer overflow or wraparound during file size calculations when processing specially crafted EPUB files. This miscalculation leads to incorrect memory allocation sizes, which can cause the application using libgepub to crash due to memory corruption or access violations. Affected software includes desktop services such as Tumbler, which may automatically parse EPUB files when browsing directories, exposing users to potential denial of service without explicit file opening. The vulnerability does not appear to allow remote code execution or data leakage, as it primarily impacts availability by crashing the application. Exploitation requires user interaction, such as browsing or opening directories containing malicious EPUB files. The CVSS 3.1 base score is 5.5, reflecting a local attack vector with low complexity and no privileges required but requiring user interaction. The scope remains unchanged, and the impact is limited to availability. No patches or exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed by updating libgepub or affected applications.

The primary impact of CVE-2025-6196 is denial of service due to application crashes when processing malicious EPUB files. Organizations that use libgepub in desktop environments or services that automatically parse EPUB files (e.g., file indexing or thumbnail generation services like Tumbler) may experience service interruptions or degraded user experience. While this does not compromise confidentiality or integrity, repeated crashes could disrupt workflows or automated processes relying on EPUB file handling. In environments where EPUB files are shared or downloaded from untrusted sources, attackers could exploit this vulnerability to cause persistent denial of service. The lack of remote exploitation vectors limits the threat to local or user-initiated scenarios, reducing the overall risk. However, in high-security or availability-critical environments, such disruptions could have operational consequences.

To mitigate CVE-2025-6196, organizations should: 1) Update libgepub to the latest patched version once available from vendors or maintainers. 2) Configure desktop services like Tumbler to disable automatic parsing or thumbnail generation for EPUB files, especially in environments where untrusted files are common. 3) Implement file validation and filtering controls to block or quarantine suspicious EPUB files before processing. 4) Educate users to avoid opening or browsing directories containing untrusted EPUB files. 5) Monitor application logs for crashes or abnormal behavior related to EPUB file handling to detect potential exploitation attempts. 6) Where possible, sandbox or isolate applications that use libgepub to limit the impact of crashes. 7) Engage with vendors for timely patches and verify updates in test environments before deployment.