GLib's GIO CVE-2025-14512
Severity: MEDIUM. CVSS vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Description (NVD)
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Analysis (AI)
Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when processing malicious filesystem attribute values over the network. The vulnerability affects GLib across GNOME, Red Hat Enterprise Linux 7-10, and OpenShift 4.0+, requiring only unauthenticated network access and user interaction. EPSS score of 0.07% (percentile 22) indicates low exploitation probability despite CVSS 6.5, suggesting the attack requires specific file/attribute handling conditions; no public exploit or active exploitation (CISA KEV) confirmed at analysis time.
Technical Context (AI)
GLib is the core utility library used by GNOME and widely deployed across Linux distributions. The vulnerability resides in GIO's escape_byte_string() function, part of the input/output abstraction layer responsible for handling filesystem metadata and remote mount attributes. The root cause is CWE-190 (integer overflow), where integer arithmetic on attribute value lengths fails to validate boundaries before allocation or buffer operations. When crafted malicious attribute values (e.g., extended filesystem attributes, SMB/NFS mount options, or file metadata) are processed, the integer overflow allows an attacker to bypass length checks, resulting in a heap buffer overflow. This affects all GLib versions where this function lacks proper integer sanitization. The network attack vector (AV:N) indicates remote filesystems or network-accessible attribute sources (e.g., SMB, NFS, HTTP-based file services) can trigger exploitation.
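As an added illustration of the CWE-190 pattern described above (constructed for this page; not GLib's code and not the actual patch, with hypothetical names and a hypothetical escaping rule): an attribute-value escaper whose output size is len + 3*num_escaped + 1, computed with overflow-checked arithmetic so an oversized value is rejected instead of under-allocated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical escaping rule: printable ASCII passes through, any other byte
 * becomes a 4-byte "\ooo" octal escape (3 extra output bytes per input byte). */
static bool needs_escape(unsigned char c)
{
    return c < 0x20 || c >= 0x7f || c == '\\';
}
/* Output length = len + 3*num_escaped + 1 (NUL), every step overflow-checked.
 * Returns false if any step would wrap. Doing this unchecked in a fixed-width
 * type is the CWE-190 pattern described above: a wrapped result means a
 * too-small allocation, and the copy loop then overflows the heap buffer. */
bool escaped_len_checked(size_t len, size_t num_escaped, size_t *out)
{
    size_t extra, total;
    if (__builtin_mul_overflow(num_escaped, (size_t)3, &extra)) return false;
    if (__builtin_add_overflow(len, extra, &total)) return false;
    if (__builtin_add_overflow(total, (size_t)1, &total)) return false;
    *out = total;
    return true;
}
/* Same check, returning 0 on overflow (convenient for callers and tests). */
size_t escaped_len_or_zero(size_t len, size_t num_escaped)
{
    size_t n;
    return escaped_len_checked(len, num_escaped, &n) ? n : 0;
}
/* Escape `len` bytes of `src` into a malloc'd NUL-terminated string; NULL if
 * the length computation would overflow or allocation fails. */
char *escape_bytes(const unsigned char *src, size_t len)
{
    size_t i, j = 0, num_escaped = 0, out_len;
    char *res;
    for (i = 0; i < len; i++)
        if (needs_escape(src[i])) num_escaped++;
    if (!escaped_len_checked(len, num_escaped, &out_len)) return NULL;
    if ((res = malloc(out_len)) == NULL) return NULL;
    for (i = 0; i < len; i++) {
        if (needs_escape(src[i])) { snprintf(res + j, 5, "\\%03o", src[i]); j += 4; }
        else res[j++] = (char)src[i];
    }
    res[j] = '\0';
    return res;
}
```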
Remediation (AI)
Primary fix: apply the vendor-released security patch via the distribution's package manager. Red Hat Enterprise Linux users should install the patched glib2 package from RHSA-2026:7461 (advisory URL: https://access.redhat.com/errata/RHSA-2026:7461). GNOME upstream users should upgrade to the patched GLib release available at https://gitlab.gnome.org/GNOME/glib/-/issues/3845. For systems unable to patch immediately, implement network-level mitigations:
(1) Restrict access to network filesystem protocols (SMB, NFS, WebDAV) to trusted sources only: block unauthorized mount attempts and limit SMB/NFS to internal networks with ACLs. Side effect: reduced file-sharing flexibility.
(2) Disable or restrict GIO-based file managers (Nautilus/GNOME Files) on desktop systems where users do not need network file browsing. This reduces the exposure surface but limits usability.
(3) Monitor system logs for unexpected filesystem attribute access or buffer-overflow crashes in GLib-dependent applications (file managers, preview generators, system services), and configure SELinux or AppArmor to confine GLib-using processes so that a successful exploit cannot be used for lateral movement.
The most effective measure is prompt patching, given that the RHSA advisory is available and the patch is standard distribution maintenance.