CVE-2025-14512

Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

Published: 12/11/2025
Last updated: 6/2/2026
Reserved: 12/11/2025

A flaw was found in GLib. An integer overflow in the escape_byte_string() function of GLib's GIO (GLib Input/Output) library can cause a heap buffer overflow and denial of service (DoS) when processing malicious file or remote filesystem attribute values.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 6.5 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (1)

conf-glib-2

Products affected (63)

Product Vendor Version
glib GNOME Itanium-Based Systems Service Pack 1
glib GNOME Windows Server 2016
Red Hat Enterprise Linux 10 Red Hat < 10.0.25398.1665
Red Hat Enterprise Linux 10.0 Extended Update Support Red Hat x64-based Systems Service Pack 1
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Intel(R) Quartus(R) Prime all versions 15.1 to 18.1, and Intel(R) Quartus(R) II versions 9.1 to 15.0.
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat < 10.0.26100.4349
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat x64-based Systems Service Pack 1 (Server Core installation)
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat < 10.0.26100.4349
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat 32-bit Systems
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Version 1607 for 32-bit Systems
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat Version 1607 for x64-based Systems
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat 1.0 - 1.9.1
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Version 1703 for 32-bit Systems
Red Hat Enterprise Linux 9.6 Extended Update Support Red Hat Version 1703 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 10.0 Extended Update Support Red Hat See provided reference
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Windows 10 Version 1607 for x64-based Systems
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Red Hat < 3.2.19
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Windows 10 Version 1709 for 32-bit Systems
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Windows 10 Version 1709 for x64-based Systems
Red Hat Enterprise Linux 8.8 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat < 7.0.99.B
Red Hat Enterprise Linux 9 Red Hat Windows 10 Version 1803 for 32-bit Systems
Red Hat Enterprise Linux 9 Red Hat < 8.5.47.A
Red Hat Enterprise Linux 9 Red Hat Windows 10 Version 1803 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat < 9.0.27.A
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Windows 10 Version 1803 for ARM64-based Systems
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Red Hat 10.5
Red Hat Enterprise Linux 9.4 Extended Update Support Red Hat Windows 10 Version 1809 for 32-bit Systems
Red Hat Enterprise Linux 9.6 Extended Update Support Red Hat < 7.0.99.B
Red Hat Enterprise Linux 6 Red Hat Windows Server 2019
Red Hat Enterprise Linux 7 Red Hat 11.1
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 7 Red Hat < 68.0.3440.75
Red Hat Enterprise Linux 10 Red Hat < 4.0.10
Red Hat Enterprise Linux 10 Red Hat Windows 10 Version 1607 for 32-bit Systems
Red Hat Hardened Images Red Hat <= 12.0
Red Hat Hardened Images Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat Version 1803 for 32-bit Systems
Red Hat Insights proxy 1.5 Red Hat Windows 10 Version 1809 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat Moxa OnCell G3100-HSPA Series
Red Hat Enterprise Linux 10 Red Hat x64-based Systems
Red Hat Enterprise Linux 8 Red Hat Windows 10 Version 1709 for ARM64-based Systems
Red Hat Enterprise Linux 9 Red Hat unspecified
Red Hat Enterprise Linux 10 Red Hat <= 12.0
Red Hat OpenShift Container Platform 4 Red Hat n/a
Red Hat OpenShift Container Platform 4 Red Hat Windows 7 for 32-bit Systems Service Pack 1
Red Hat Update Infrastructure 5 Red Hat APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150
Red Hat Update Infrastructure 5 Red Hat 10.1
Red Hat Update Infrastructure 5 Red Hat Version 1803 for x64-based Systems
Red Hat Update Infrastructure 5 Red Hat < 8.5.47.A
Red Hat Update Infrastructure 5 Red Hat Windows 10 Version 1809 for ARM64-based Systems
Red Hat Update Infrastructure 5 Red Hat 12.2.1.2.0
Red Hat Update Infrastructure 5 Red Hat 9.7
Red Hat Update Infrastructure 5 Red Hat 12.2.1.3.0
