
CVE-2025-14087

Glib: glib: buffer underflow in gvariant parser leads to heap corruption

Published: 12/10/2025 Last updated: 2/6/2026 Reserved: 12/5/2025

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version  Score  Severity  Vector String
3.1      5.6    Medium    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Opam packages affected (1)

conf-glib-2

Products affected (14)

Product                      Vendor   Version
Red Hat Enterprise Linux 8   Red Hat  < 2.0.5
Red Hat Enterprise Linux 10  Red Hat  <= < 2.0.9
Red Hat Enterprise Linux 6   Red Hat  <= 1.0.6
Red Hat Enterprise Linux 7   Red Hat  <= < 3.2.1
Red Hat Enterprise Linux 8   Red Hat  <= <= 1.6
Red Hat Enterprise Linux 9   Red Hat  <= <= 3.13.1
Red Hat Enterprise Linux 10  Red Hat  <= <= 1.7.0
Red Hat Enterprise Linux 8   Red Hat  <= <= 3.5.32
Red Hat Enterprise Linux 9   Red Hat  <= <= 2.1.5
Red Hat Enterprise Linux 10  Red Hat  <= <= 1.7
Red Hat Enterprise Linux 8   Red Hat  <= <= 4.2.4
Red Hat Enterprise Linux 9   Red Hat  11.1
Red Hat Enterprise Linux 9   Red Hat  <= 9.1.2
Red Hat Enterprise Linux 10  Red Hat  <= <= 1.0.13
