Description
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Published:
2025-12-11
Score:
6.5 Medium
EPSS:
< 1% Very Low
KEV:
No
Impact:
Denial of Service
Action:
Apply Patch
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| GNOME | glib | unaffected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 10 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 10 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | affected |
|
||||||
| Red Hat | Red Hat AI Inference Server 3.2 | affected |
|
||||||
| Red Hat | Red Hat Discovery 2 | affected |
|
||||||
| Red Hat | Red Hat Discovery 2 | affected |
|
||||||
| Red Hat | Red Hat Hardened Images | affected |
|
||||||
| Red Hat | Red Hat Insights proxy 1.5 | affected |
|
||||||
| Red Hat | Red Hat Update Infrastructure 5 | affected |
|
||||||
| Red Hat | Red Hat Update Infrastructure 5 | affected |
|
||||||
| Red Hat | Red Hat Update Infrastructure 5 | affected |
|
||||||
| Red Hat | Red Hat Update Infrastructure 5 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 10 | affected | — | ||||||
| Red Hat | Red Hat Enterprise Linux 6 | unknown | — | ||||||
| Red Hat | Red Hat Enterprise Linux 7 | affected | — | ||||||
| Red Hat | Red Hat Enterprise Linux 8 | affected | — | ||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected | — | ||||||
| Red Hat | Red Hat In-Vehicle Operating System 1 | affected | — | ||||||
| Red Hat | Red Hat In-Vehicle Operating System 1 | affected | — | ||||||
| Red Hat | Red Hat OpenShift Container Platform 4 | affected | — |
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data available yet.
Remediation
Vendor Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-4412-1 | glib2.0 security update |
References
History
Thu, 25 Jun 2026 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhivos
|
|
| CPEs | cpe:/o:redhat:rhivos:1 | |
| Vendors & Products |
Redhat rhivos
|
Wed, 24 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat discovery
|
|
| CPEs | cpe:/a:redhat:discovery:2::el9 | |
| Vendors & Products |
Redhat discovery
|
|
| References |
|
Wed, 10 Jun 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat ai Inference Server
|
|
| CPEs | cpe:/a:redhat:ai_inference_server:3.2::el9 | |
| Vendors & Products |
Redhat ai Inference Server
|
|
| References |
|
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat insights Proxy
|
|
| CPEs | cpe:/a:redhat:insights_proxy:1.5::el9 | |
| Vendors & Products |
Redhat insights Proxy
|
|
| References |
|
Wed, 27 May 2026 08:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhui
|
|
| CPEs | cpe:/a:redhat:rhui:5::el9 | |
| Vendors & Products |
Redhat rhui
|
|
| References |
|
Wed, 20 May 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat enterprise Linux Eus
|
|
| CPEs | cpe:/o:redhat:enterprise_linux_eus:10.0 | |
| Vendors & Products |
Redhat enterprise Linux Eus
|
|
| References |
|
Wed, 20 May 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel Aus
Redhat rhel Eus Long Life |
|
| CPEs | cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Vendors & Products |
Redhat rhel Aus
Redhat rhel Eus Long Life |
|
| References |
|
Wed, 20 May 2026 05:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel Tus
|
|
| CPEs | cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_eus:9.6::baseos cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Vendors & Products |
Redhat rhel Tus
|
|
| References |
|
Wed, 20 May 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel E4s
Redhat rhel Eus |
|
| CPEs | cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_e4s:9.0::baseos cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Vendors & Products |
Redhat rhel E4s
Redhat rhel Eus |
|
| References |
|
Tue, 19 May 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 19 May 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/o:redhat:enterprise_linux:10.2 | |
| References |
|
Mon, 11 May 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/o:redhat:enterprise_linux:10.1 | |
| References |
|
Mon, 11 May 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos |
|
| References |
|
Mon, 11 May 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos |
|
| References |
|
Sun, 19 Apr 2026 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 13 Apr 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat hummingbird
|
|
| CPEs | cpe:/a:redhat:hummingbird:1 | |
| Vendors & Products |
Redhat hummingbird
|
Thu, 19 Mar 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Fri, 06 Feb 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Gnome
Gnome glib |
|
| CPEs | cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
| Vendors & Products |
Gnome
Gnome glib |
Thu, 11 Dec 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 11 Dec 2025 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Thu, 11 Dec 2025 07:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | |
| Title | Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow | |
| First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
| Weaknesses | CWE-190 | |
| CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
Gnome
Subscribe
Glib
Subscribe
Redhat
Subscribe
Ai Inference Server
Subscribe
Discovery
Subscribe
Enterprise Linux
Subscribe
Enterprise Linux Eus
Subscribe
Hummingbird
Subscribe
Insights Proxy
Subscribe
Openshift
Subscribe
Rhel Aus
Subscribe
Rhel E4s
Subscribe
Rhel Eus
Subscribe
Rhel Eus Long Life
Subscribe
Rhel Tus
Subscribe
Rhivos
Subscribe
Rhui
Subscribe
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-06-25T03:27:49.573Z
Reserved: 2025-12-11T06:28:34.708Z
Link: CVE-2025-14512
Vulnrichment
Updated: 2025-12-11T14:57:03.170Z
NVD
Status : Modified
Published: 2025-12-11T07:16:00.463
Modified: 2026-06-17T08:36:02.787
Link: CVE-2025-14512
Redhat
OpenCVE Enrichment
Updated: 2026-04-20T15:30:06Z
Weaknesses