Glib

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-14087 MEDIUM PATCH This Month

A buffer-underflow vulnerability exists in GLib's GVariant parser that allows remote attackers to trigger heap corruption through maliciously crafted input strings. This affects GNOME GLib and all versions of Red Hat Enterprise Linux (7.0 through 10.0), potentially enabling denial of service or remote code execution. The vulnerability has an EPSS score of 0.26% (percentile 49%) indicating low exploitation probability despite the moderate CVSS score of 5.6.

Denial Of Service RCE Glib Enterprise Linux Redhat +1
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2025-13601 HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian Enterprise Linux Server For Power Little Endian Eus Discovery +27
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-14087
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A buffer-underflow vulnerability exists in GLib's GVariant parser that allows remote attackers to trigger heap corruption through maliciously crafted input strings. This affects GNOME GLib and all versions of Red Hat Enterprise Linux (7.0 through 10.0), potentially enabling denial of service or remote code execution. The vulnerability has an EPSS score of 0.26% (percentile 49%) indicating low exploitation probability despite the moderate CVSS score of 5.6.

Denial Of Service RCE Glib +3
NVD
CVE-2025-13601
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the glib library's g_escape_uri_string() function due to an integer overflow in buffer size calculation when processing strings with a very large number of characters requiring URI escaping. This vulnerability affects multiple Red Hat Enterprise Linux 9.0 and 10.0 distributions across various architectures (x86_64, ARM64, IBM Z, Power). A proof-of-concept exploit is publicly available, though EPSS scoring indicates only 0.01% exploitation probability (1st percentile), suggesting limited active exploitation in the wild despite the availability of exploit code.

Buffer Overflow Enterprise Linux For Power Little Endian Eus Enterprise Linux Server For Power Little Endian +29
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy