CVE-2025-14087

MEDIUM
2025-12-10 [email protected]
5.6
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

CVE Published: Dec 10, 2025 - 09:15 (nvd)
Analysis Generated: Mar 18, 2026 - 17:37 (vuln.today)
Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available

Description

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Analysis

A buffer-underflow vulnerability in GLib's GVariant parser allows a remote attacker to trigger heap corruption with maliciously crafted input strings. It affects GNOME GLib and Red Hat Enterprise Linux 7 through 10, potentially enabling denial of service or remote code execution. The EPSS score is 0.26% (percentile 49%), i.e. a low estimated probability of exploitation in the wild over the next 30 days, despite the moderate CVSS score of 5.6; the AC:H rating reflects that a successful attack depends on conditions beyond the attacker's direct control.

Technical Context

GLib is the core utility library for GNOME and is used across Linux distributions and applications for data structures, its type system, and inter-process communication. The vulnerability resides in the GVariant parser, which handles GLib's serialized data representation; GVariant is also the payload format of GDBus messages, so any process that deserializes GVariant data received from an untrusted peer is a candidate attack surface. The root cause is classified as CWE-190 (Integer Overflow or Wraparound): a string length calculation performed without adequate bounds checking wraps around, yielding an offset that points below the allocated buffer, so the parser writes beneath the buffer's start and corrupts the heap. The affected CPEs are cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* and cpe:2.3:o:redhat:enterprise_linux:7.0 through 10.0, indicating a foundational library issue with wide distribution impact. Note that the wildcard version in the GLib CPE means the NVD record does not pin down an affected version range, not that every release has been confirmed vulnerable; the upstream issue and vendor advisory linked below are the authority on which versions are affected and which carry the fix.
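The following C program is an added illustration of the CWE-190 length-underflow pattern described above; it is not GLib's code and the frame format it parses (payload, trailer, then a one-byte trailer length at the end) is a hypothetical layout chosen for this example, not GVariant's real encoding. The vulnerable path computes the trailer offset as `len - 1 - trailer_len` with no check, so an attacker-chosen length byte larger than the frame wraps the unsigned subtraction and the subsequent write lands below the buffer; a simulated heap with a guard region makes that write observable without undefined behaviour. The hardened parser shows the missing check, placed before the subtraction rather than after it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Added example, not GLib code. Hypothetical frame layout of this example's
 * own design:
 *
 *     [payload ...][trailer ...][trailer_len]   (last byte = trailer length)
 *
 * The trailer starts at len - 1 - trailer_len. When the attacker-supplied
 * trailer_len exceeds len - 1, that unsigned subtraction wraps to a value
 * near SIZE_MAX, and indexing with it lands below the buffer: a heap underflow.
 */

#define FRAME_MAX 64    /* largest frame this example accepts */
#define GUARD     256   /* bytes simulated "below" the frame buffer */

struct frame {
    size_t  payload_len;
    size_t  trailer_len;
    uint8_t payload[FRAME_MAX];
    uint8_t trailer[FRAME_MAX];
};

/* Vulnerable offset computation: trusts trailer_len, so it can wrap. */
size_t trailer_offset_unchecked(size_t len, size_t trailer_len)
{
    return len - 1 - trailer_len;
}

/* Simulated heap: the frame sits after GUARD bytes so that a write below the
 * frame stays inside this array (well-defined) and can be inspected. In a
 * real process the same write would hit a neighbouring allocation or
 * allocator metadata. */
static uint8_t heap_sim[GUARD + FRAME_MAX];

/* Vulnerable "parser": tags the first trailer byte with 0xAA using the
 * unchecked offset. Returns how many guard bytes were modified: 0 means the
 * write stayed inside the frame, >0 means it landed below the buffer, and
 * -1 means the frame was rejected before parsing. */
int vulnerable_tag_trailer(const uint8_t *frame, size_t len)
{
    if (len == 0 || len > FRAME_MAX) return -1;
    memset(heap_sim, 0, sizeof heap_sim);
    uint8_t *buf = heap_sim + GUARD;
    memcpy(buf, frame, len);

    size_t trailer_len = buf[len - 1];   /* attacker-controlled */
    size_t off = trailer_offset_unchecked(len, trailer_len);

    /* Convert the wrapped size_t into the signed distance pointer arithmetic
     * would actually move by: SIZE_MAX - k becomes -(k + 1). The expression
     * 0 - off is a well-defined unsigned negation. */
    ptrdiff_t delta = (off < len) ? (ptrdiff_t)off : -(ptrdiff_t)(0 - off);
    if (delta < -(ptrdiff_t)GUARD) return -1;   /* unreachable with a 1-byte length */

    buf[delta] = 0xAA;   /* the underflowing write */

    int corrupted = 0;
    for (size_t i = 0; i < GUARD; i++)
        corrupted += (heap_sim[i] != 0);
    return corrupted;
}

/* Hardened parser: validates the length before it enters any arithmetic.
 * Returns 0 on success, -1 on malformed input. */
int parse_frame_checked(const uint8_t *buf, size_t len, struct frame *out)
{
    if (len == 0 || len > FRAME_MAX) return -1;
    size_t trailer_len = buf[len - 1];
    if (trailer_len > len - 1) return -1;   /* the missing check: compare, do not subtract */
    size_t off = len - 1 - trailer_len;     /* now provably in [0, len - 1] */
    out->payload_len = off;
    out->trailer_len = trailer_len;
    memcpy(out->payload, buf, off);
    memcpy(out->trailer, buf + off, trailer_len);
    return 0;
}
```

With the constructed frame `{'h','i','x','y',2}` the hardened parser yields a two-byte payload and a two-byte trailer, while `{'h','i','x',16}` is rejected; the vulnerable path, given the same bad frame, writes 13 bytes below the buffer. The check must be expressed as a comparison of the untrusted length against the remaining space, because a post-hoc test on the wrapped result (`off < len`) is easy to forget and compilers may fold away "impossible" overflow checks on signed arithmetic.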

Affected Products

GLib versions across all releases are affected, identified via CPE cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*. Red Hat Enterprise Linux versions 7.0, 8.0, 9.0, and 10.0 are impacted as GLib is a foundational dependency. The vulnerability is tracked in Red Hat's system via Bugzilla ticket 2419093 (https://bugzilla.redhat.com/show_bug.cgi?id=2419093) and in GNOME's upstream project tracker at https://gitlab.gnome.org/GNOME/glib/-/issues/3834. Detailed vendor advisory is available through Red Hat's CVE portal at https://access.redhat.com/security/cve/CVE-2025-14087.

Remediation

Apply security updates from your vendor. For Red Hat Enterprise Linux, obtain the updated GLib packages (the RHEL package is named glib2) through your subscription management system (https://access.redhat.com/security/cve/CVE-2025-14087) and deploy them with standard package management (yum/dnf). For GNOME systems, update GLib to the patched upstream release (monitor https://gitlab.gnome.org/GNOME/glib/-/issues/3834 for release details). Until patches can be deployed, reduce exposure by restricting network access to services that parse GVariant data from untrusted peers, disabling untrusted input sources, and running affected services with reduced privileges. Input validation at application boundaries can reduce but not eliminate the risk, since the flaw is in the library's own parsing. Given the AC:H rating, applying patches within normal maintenance windows rather than on an emergency cadence is appropriate unless environment-specific exploitation factors are identified.
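As an added check (this script is not from the page or from Red Hat), the following POSIX shell function verifies that an installed Red Hat-built package carries the fix for a given CVE by looking for the CVE id in its RPM changelog, which is where Red Hat records the CVEs fixed by an erratum build. The sample changelog entries are constructed for this example; the `rpm` wrapper is what you would run on a live RHEL host. The token-boundary regex is the point worth noting: a plain `grep CVE-2025-1408` would also match CVE-2025-14087 and produce a false "fixed" result.

```bash
#!/bin/sh
# Added example: check an RPM changelog for a fixed CVE id.
# Not from the page or from Red Hat; the sample changelog text is constructed.

# cve_in_changelog CVE-ID   (changelog text on stdin)
# Exit 0 when the id appears as a whole token, 1 otherwise. The boundary
# checks stop CVE-2025-1408 from matching CVE-2025-14087 and vice versa.
cve_in_changelog() {
    grep -Eq "(^|[^A-Za-z0-9-])$1([^0-9]|\$)"
}

# Wrapper for a live RHEL host (needs rpm; not exercised by the sample run):
#   host_has_fix glib2 CVE-2025-14087 && echo "glib2 carries the fix"
host_has_fix() {
    rpm -q --changelog "$1" | cve_in_changelog "$2"
}

# Constructed sample changelog entries (not real glib2 changelog text).
SAMPLE_FIXED='* Tue Mar 31 2026 Example Maintainer <maint@example.com> - 2.80.0-7
- gvariant: reject malformed input (CVE-2025-14087)
- earlier fix (CVE-2025-1408)'

SAMPLE_UNFIXED='* Mon Jan 05 2026 Example Maintainer <maint@example.com> - 2.80.0-6
- unrelated fix (CVE-2025-1408)'

# check_samples: exit 0 if the matcher behaves correctly on both samples.
check_samples() {
    if ! printf '%s\n' "$SAMPLE_FIXED" | cve_in_changelog CVE-2025-14087; then
        return 1
    fi
    if printf '%s\n' "$SAMPLE_UNFIXED" | cve_in_changelog CVE-2025-14087; then
        return 1
    fi
    return 0
}
```

On a RHEL host, `dnf updateinfo list --cve CVE-2025-14087` shows whether an erratum for the CVE is available from your enabled repositories, and `host_has_fix glib2 CVE-2025-14087` confirms the installed build includes it after `dnf update glib2`.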

Priority Score

28 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.3
CVSS: +28
POC: 0

CVE-2025-14087 vulnerability details – vuln.today