Skip to main content

Glib CVE-2025-14512

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2025-12-11 secalert@redhat.com
6.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 19, 2026 - 20:35 vuln.today

DescriptionCVE.org

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

AnalysisAI

Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.

Technical ContextAI

GLib is the core utility library used by GNOME and widely deployed across Linux distributions. The vulnerability resides in GIO's escape_byte_string() function, part of the input/output abstraction layer responsible for handling filesystem metadata and remote mount attributes. The root cause is CWE-190 (integer overflow), where integer arithmetic on attribute value lengths fails to validate boundaries before allocation or buffer operations. When crafted malicious attribute values (e.g., extended filesystem attributes, SMB/NFS mount options, or file metadata) are processed, the integer overflow allows an attacker to bypass length checks, resulting in a heap buffer overflow. This affects all GLib versions where this function lacks proper integer sanitization. The network attack vector (AV:N) indicates remote filesystems or network-accessible attribute sources (e.g., SMB, NFS, HTTP-based file services) can trigger exploitation.

RemediationAI

Primary fix: Apply the vendor-released security patch via the distribution's package manager. Red Hat Enterprise Linux users should install the patched glib2 package from RHSA-2026:7461 (advisory URL: https://access.redhat.com/errata/RHSA-2026:7461). GNOME upstream users should upgrade to the patched GLib release available at https://gitlab.gnome.org/GNOME/glib/-/issues/3845. For systems unable to patch immediately, implement network-level mitigations: (1) restrict access to network filesystem protocols (SMB, NFS, WebDAV) to trusted sources only-block unauthorized mount attempts and limit SMB/NFS to internal networks with ACLs; side effect is reduced file sharing flexibility. (2) Disable or restrict GIO-based file managers (Nautilus/GNOME Files) on desktop systems if users do not require network file browsing-reduces exposure surface but limits usability. (3) Monitor system logs for unexpected filesystem attribute access or buffer overflow crashes in GLib-dependent applications (file managers, preview generators, system services); configure SELinux or AppArmor to confine GLib-using processes to prevent lateral movement post-exploitation. Most effective is prompt patching given RHSA advisory availability and low activation barriers (patch is standard distribution maintenance).

More in Glib

View all
CVE-2024-52533 CRITICAL POC
9.8 Nov 11

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CON

CVE-2018-16428 CRITICAL POC
9.8 Sep 04

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. Rated critical sev

CVE-2020-35457 HIGH POC
7.8 Dec 14

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entri

CVE-2025-13601 HIGH POC
7.7 Nov 26

Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and

CVE-2021-27219 HIGH POC
7.5 Feb 15

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulne

CVE-2018-16429 HIGH POC
7.5 Sep 04

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf

CVE-2020-6750 MEDIUM POC
5.9 Jan 09

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting v

CVE-2025-14087 CRITICAL
9.8 Dec 10

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVarian

CVE-2019-12450 CRITICAL
9.8 May 29

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while

CVE-2021-28153 MEDIUM POC
5.3 Mar 11

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely ex

CVE-2024-34397 MEDIUM POC
5.2 May 07

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.

CVE-2026-58016 CRITICAL
9.1 Jun 30

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-B

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.4 Container suse/sle-micro/base-5.5:2.0.4-5.8.230 Container suse/sle-micro/kvm-5.5:2.0.4-3.5.441 Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-EC2 Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-Azure Image SLES15-SP4-Hardened-BYOS-EC2 Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-Azure Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-Azure Image SLES15-SP5-Azure-3P Image SLES15-SP5-Azure-Basic Image SLES15-SP5-Azure-Standard Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-EC2 Image SLES15-SP5-GCE Image SLES15-SP5-HPC-Azure Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-Azure Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Image SLES15-SP5-Micro-5-5-BYOS Image SLES15-SP5-Micro-5-5-BYOS-Azure Image SLES15-SP5-Micro-5-5-EC2 Affected
Container suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.4 Affected
Container suse/manager/5.0/x86_64/proxy-httpd:latest Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.2.8.15.2 Container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.2.9.13.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-EC2 Image SLES15-SP6-EC2-ECS-HVM Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-EC2 Image SLES15-SP7-EC2-ECS-HVM Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image proxy-httpd-image Image server-image Affected
Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/server-attestation:latest Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.2.8.13.1 Container suse/multi-linux-manager/5.1/x86_64/server-saline:5.1.2.9.13.1 Image proxy-salt-broker-image Image server-hub-xmlrpc-api-image Image server-saline-image Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.115 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.81 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.102 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.117 Image SL-Micro Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected

Share

CVE-2025-14512 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy