GLib CVE-2025-4056

Severity: HIGH (CVSS 7.5, vendor: redhat; disputed)
Weakness: Code Injection (CWE-94)
Published: 2025-07-28, assigned by secalert@redhat.com

Severity by source

Sources disagree (Low–High).

Vendor (redhat), primary: 7.5 HIGH
  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

vuln.today AI: 6.2 MEDIUM
  Rationale: the trigger is a local application spawning a child process, so AV:L; an availability-only DoS gives A:H with C:N/I:N, and no privileges are needed to supply oversized input.
  CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVSS 4.0: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Red Hat (qualitative): LOW, with a 7.5 score

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS Vector (Vendor: redhat)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 25, 2026 - 08:30 (vuln.today)
CVE Published: Jul 28, 2025 - 13:15 (cve.org), rated HIGH 7.5

Description (CVE.org)

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.

Analysis (AI)

Denial of service in GNOME GLib on Windows occurs when an application uses GLib's process-spawning functions with excessively long command lines, causing the spawn operation to fail or crash the host process and disrupting availability. The flaw lies in GLib's Windows command-line handling and affects any Windows application that links GLib and passes attacker-influenced long argument strings to a child process. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV. Although Red Hat's tags mention RCE/Code Injection, the CVSS impact metrics confirm an availability-only impact (C:N/I:N/A:H).

Technical Context (AI)

GLib is the low-level core utility library underpinning GNOME and a large ecosystem of cross-platform GTK applications (GIMP, Inkscape, Pidgin, and many others), providing data structures, an event loop, and OS abstraction including the g_spawn_* process-creation API. On Windows, command-line construction and the CreateProcess path differ fundamentally from POSIX exec semantics: arguments must be flattened and quoted into a single command string subject to Windows length limits (the ~32,767-character CreateProcess ceiling and shorter cmd.exe limits). The assigned CWE-94 (Improper Control of Generation of Code, 'Code Injection') frames the root cause as faulty generation of the spawned command, though the observed real-world impact is a resource/availability failure rather than confirmed arbitrary code execution. The affected component is identified by CPE cpe:2.3:a:gnome:glib (all versions) and the behavior is platform-specific to Windows.

Remediation (AI)

No vendor-released patched version was identified at the time of analysis; the references point to issue and bug trackers (GNOME GLib issue 3668 and Red Hat Bugzilla 2362826) rather than a tagged patched release. Monitor https://gitlab.gnome.org/GNOME/glib/-/issues/3668 and https://access.redhat.com/security/cve/CVE-2025-4056 for the fixed version and upgrade GLib once it is published. As a compensating control for Windows deployments, restrict or validate the length of arguments before passing them to GLib spawn APIs (reject or truncate command lines approaching the Windows ~32,767-character CreateProcess limit); this prevents the crash at the cost of failing legitimate oversized invocations. Where feasible, sanitize and bound any untrusted input that flows into child-process arguments, and avoid passing user-controlled data directly into process spawning. If a specific application is the vector, consider running it with reduced privileges and under restart supervision so a DoS crash does not cascade, accepting the trade-off of additional operational monitoring.
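As an added illustration of the compensating control above (example code, not GLib's or vuln.today's): a pre-spawn guard that estimates the flattened Windows command-line length an argv would produce and refuses the spawn when it would reach the CreateProcess limit. It assumes GLib's Windows argument quoting matches the CommandLineToArgvW conventions closely enough for a length estimate; the function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* CreateProcess accepts at most 32,767 characters in lpCommandLine, NUL included. */
#define WIN_CMDLINE_MAX 32767

/* Length of ARG once quoted the way CommandLineToArgvW expects: wrapped in
 * double quotes if empty or containing space, tab or quote; embedded quotes
 * become \" with any backslashes directly before them doubled, as is a run of
 * backslashes ending at the closing quote. Other backslashes stay literal.
 * Assumption: GLib's own Windows quoting yields the same length. */
size_t win_quoted_length(const char *arg)
{
    size_t len = strlen(arg);
    if (len > 0 && strpbrk(arg, " \t\"") == NULL)
        return len;                      /* passed through unquoted */

    size_t out = 2;                      /* opening and closing quote */
    size_t backslashes = 0;
    for (const char *p = arg; *p; p++) {
        if (*p == '\\') {
            backslashes++;
        } else if (*p == '"') {
            out += backslashes * 2 + 2;  /* doubled backslashes, then \" */
            backslashes = 0;
        } else {
            out += backslashes + 1;      /* literal backslashes, then the char */
            backslashes = 0;
        }
    }
    return out + backslashes * 2;        /* trailing run doubled before closing quote */
}

/* Flattened length of a NULL-terminated argv: quoted arguments joined by spaces. */
size_t win_cmdline_length(const char *const argv[])
{
    size_t total = 0;
    for (size_t i = 0; argv[i] != NULL; i++)
        total += win_quoted_length(argv[i]) + (i > 0 ? 1 : 0);
    return total;
}

/* Pre-spawn guard: 1 if ARGV plus its terminating NUL fits within LIMIT, else 0.
 * Check it before g_spawn_async()/g_spawn_sync() and fail the request instead of
 * letting an oversized command line reach CreateProcess. */
int spawn_argv_within_limit(const char *const argv[], size_t limit)
{
    return win_cmdline_length(argv) + 1 <= limit;
}
```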
