CVE-2025-14512

Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

Published: 12/11/2025 Last updated: 1/6/2026 Reserved: 12/11/2025

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | Medium | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

Opam packages affected (1)

conf-glib-2

Products affected (8)

| Product | Vendor | Version |
|---|---|---|
| glib | GNOME | < 2.6.12 |
| Red Hat Enterprise Linux 9 | Red Hat | <= * |
| Red Hat Enterprise Linux 7 | Red Hat | <= 5.10.* |
| Red Hat Enterprise Linux 8 | Red Hat | <= 5.15.* |
| Red Hat Enterprise Linux 8 | Red Hat | <= 6.15.* |
| Red Hat Enterprise Linux 10 | Red Hat | <= 5.4.* |
| Red Hat Enterprise Linux 9 | Red Hat | < 460e0dc9af2d7790d5194c6743d79f9b77b58836 |
| Red Hat OpenShift Container Platform 4 | Red Hat | < afa27b7c17a48e01546ccaad0ab017ad0496a522 |
