CVE-2025-14512

Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

Published: 12/11/2025
Last updated: 4/19/2026
Reserved: 12/11/2025

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749)
Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
| --- | --- | --- | --- |
| 3.1 | 6.5 | Medium | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

Opam packages affected (1)

conf-glib-2

Products affected (20)

| Product | Vendor | Version |
| --- | --- | --- |
| glib | GNOME | n/a |
| glib | GNOME | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 10 | Red Hat | n/a |
| Red Hat Enterprise Linux 10 | Red Hat | before 2.1 |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Hardened Images | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | n/a |
| Red Hat Enterprise Linux 10 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A |
| Red Hat Enterprise Linux 10 | Red Hat | SD 400, SD 410/12, SD 617, SD 650/52, SD 800, SD 810 |
| Red Hat OpenShift Container Platform 4 | Red Hat | n/a |
| Red Hat OpenShift Container Platform 4 | Red Hat | n/a |

References (7)

Credits (2)