GLib
CVE-2025-4056
Severity: HIGH
Severity by source: sources disagree (Low–High)
Vendor (Red Hat) CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Rationale: the trigger is a local application spawning a child process, which argues for AV:L (note that the vendor vector above records AV:N); an availability-only denial of service gives A:H with C:N/I:N, and no privileges are needed to supply oversized input.
vuln.today treats the vendor's rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
Description (CVE.org)
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
Analysis (AI)
Denial of service in GNOME GLib on Windows: when an application calls GLib's process-spawning functions (g_spawn_*) with an excessively long command line, the spawn fails or the calling process crashes, disrupting availability. The flaw lies in GLib's Windows command-line handling and affects any Windows application that links GLib and passes attacker-influenced, oversized argument strings to a child process. No public exploit had been identified at the time of analysis, and the issue is not listed in CISA KEV. Although Red Hat's tags mention RCE/code injection (in line with the assigned CWE-94), the CVSS impact metrics record an availability-only impact (C:N/I:N/A:H).
Technical Context (AI)
GLib is the low-level core utility library underpinning GNOME and a large ecosystem of cross-platform GTK applications (GIMP, Inkscape, Pidgin and many others). It provides data structures, an event loop and OS abstraction, including the g_spawn_* process-creation API. On Windows, process creation differs fundamentally from POSIX exec semantics: CreateProcess takes no argv, so the arguments must be flattened and quoted into a single command string, which is subject to Windows length limits (32,767 characters including the terminating NUL for CreateProcess itself, and 8,191 characters for cmd.exe). The assigned CWE-94 (Improper Control of Generation of Code, 'Code Injection') frames the root cause as faulty generation of the spawned command line, although the observed impact is an availability failure rather than confirmed arbitrary code execution. The affected component is identified by CPE cpe:2.3:a:gnome:glib (all versions), and the behaviour is specific to Windows.
Remediation (AI)
No vendor-released patched version had been identified at the time of analysis: the references point to issue and bug trackers (GNOME GLib issue 3668 and Red Hat Bugzilla 2362826) rather than to a tagged release. Monitor https://gitlab.gnome.org/GNOME/glib/-/issues/3668 and https://access.redhat.com/security/cve/CVE-2025-4056 for the fixed version and upgrade GLib once it is published. As a compensating control on Windows, bound the command line before it reaches a GLib spawn API: compute the flattened, quoted length and reject (or truncate) anything approaching the 32,767-character CreateProcess limit. This prevents the failure at the cost of refusing legitimately oversized invocations. Where feasible, sanitize and bound any untrusted input that flows into child-process arguments, and never pass user-controlled data straight into a spawn call. If a specific application is the vector, run it with reduced privileges and under restart supervision so that a DoS crash does not cascade, accepting the additional operational monitoring that implies.
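The following is an added example (not GLib's code and not from the GLib issue or the Red Hat advisory) of the compensating control described above and of the command-line flattening discussed under Technical Context: it quotes each argument the way the MSVCRT/CommandLineToArgvW parser expects (an assumed convention; GLib's own quoting routine is not reproduced here), computes the resulting length, and refuses anything that would not fit CreateProcess's 32,767-character limit. It assumes the caller controls the argv before handing it to g_spawn_sync()/g_spawn_async() and is written in plain C so it builds without GLib; the file names and the 40,000-byte argument are constructed inputs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CreateProcessW accepts at most 32,767 characters in lpCommandLine,
 * including the terminating NUL; cmd.exe is tighter at 8,191. */
#define WIN32_CMDLINE_MAX 32767

/* Append one character to `out` (when non-NULL) and count it. Passing
 * out == NULL turns the routines below into pure length computations. */
static void emit(char *out, size_t *n, char c)
{
    if (out)
        out[*n] = c;
    (*n)++;
}

/* Quote one argument per the assumed MSVCRT convention:
 *  - empty arguments or ones containing space/tab are wrapped in "..."
 *  - an embedded '"' becomes \" and backslashes just before it are doubled
 *  - trailing backslashes are doubled only when a closing quote follows.
 * Returns the number of characters written/needed, excluding a NUL. */
static size_t win32_quote_arg(const char *arg, char *out)
{
    size_t n = 0, bs = 0;
    int need_quotes = (*arg == '\0') || strchr(arg, ' ') != NULL
                      || strchr(arg, '\t') != NULL;

    if (need_quotes)
        emit(out, &n, '"');
    for (const char *p = arg; *p; p++) {
        if (*p == '\\') {          /* defer: meaning depends on what follows */
            bs++;
            continue;
        }
        if (*p == '"') {           /* backslashes before a quote are doubled */
            for (size_t i = 0; i < 2 * bs; i++)
                emit(out, &n, '\\');
            bs = 0;
            emit(out, &n, '\\');
            emit(out, &n, '"');
            continue;
        }
        for (size_t i = 0; i < bs; i++)  /* plain backslashes stay as-is */
            emit(out, &n, '\\');
        bs = 0;
        emit(out, &n, *p);
    }
    for (size_t i = 0; i < (need_quotes ? 2 * bs : bs); i++)
        emit(out, &n, '\\');
    if (need_quotes)
        emit(out, &n, '"');
    return n;
}

/* Flatten a NULL-terminated argv into one space-separated command line.
 * With out == NULL only the length is computed. Returns length without NUL. */
static size_t win32_flatten_argv(char *const argv[], char *out)
{
    size_t n = 0;
    for (size_t i = 0; argv[i]; i++) {
        if (i > 0)
            emit(out, &n, ' ');
        n += win32_quote_arg(argv[i], out ? out + n : NULL);
    }
    if (out)
        out[n] = '\0';
    return n;
}

/* Guard to run before g_spawn_sync()/g_spawn_async() or any CreateProcess
 * wrapper: 1 if the flattened line plus its NUL fits the documented limit. */
int win32_cmdline_fits(char *const argv[])
{
    return win32_flatten_argv(argv, NULL) + 1 <= WIN32_CMDLINE_MAX;
}

/* Build the flattened line, or return NULL (nothing allocated) when the
 * argv must be rejected. Caller frees the result. */
char *win32_build_cmdline_checked(char *const argv[])
{
    size_t len = win32_flatten_argv(argv, NULL);
    if (len + 1 > WIN32_CMDLINE_MAX)
        return NULL;
    char *line = malloc(len + 1);
    if (line)
        win32_flatten_argv(argv, line);
    return line;
}

int main(void)
{
    /* Constructed inputs: a benign call and one with a 40,000-byte argument. */
    char *ok[] = {"C:\\tools\\conv.exe", "in put.txt", "say \"hi\"", NULL};
    char *big = malloc(40001);
    memset(big, 'A', 40000);
    big[40000] = '\0';
    char *bad[] = {"C:\\tools\\conv.exe", big, NULL};

    char *line = win32_build_cmdline_checked(ok);
    printf("benign: %s\n", line ? line : "(rejected)");
    printf("oversized: %s\n", win32_cmdline_fits(bad) ? "would spawn" : "rejected before spawn");
    free(line);
    free(big);
    return 0;
}
```

The check is deliberately performed on the flattened, quoted form rather than on the sum of argument lengths, because quoting can add characters (doubled backslashes, escaped quotes) and an argv that looks short can still overflow the limit after flattening. Rejecting rather than truncating is the safer default for attacker-influenced input, since truncation can silently change what the child process receives.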
Related GLib vulnerabilities (entries truncated at source)
- Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and …
- Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVarian…
- Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-B…
- Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key…
- Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library…
- Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and c…
- Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory…
- Arbitrary file disclosure in GLib's GDBus client affects the DBUS_COOKIE_SHA1 SASL authentication mechanism, where the c…
- Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output an…
- Integer overflow in GLib's GIO escape_byte_string() function enables heap buffer overflow and denial-of-service when pro…
Same weakness: CWE-94 – Code Injection