CVE-2025-14087

Published: 05 Dec 2025
Source: redhat
CVSS3: 5.6
EPSS: Low

Description

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Report

The highest threat is to system availability due to potential application crashes when processing maliciously crafted input strings through GLib's GVariant parser. This issue affects applications that utilize g_variant_parse() on untrusted data, leading to memory corruption and possible denial of service.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | bootc | Not affected | | |
| Red Hat Enterprise Linux 10 | glib2 | Affected | | |
| Red Hat Enterprise Linux 10 | glycin-loaders | Not affected | | |
| Red Hat Enterprise Linux 10 | loupe | Not affected | | |
| Red Hat Enterprise Linux 10 | mingw-glib2 | Affected | | |
| Red Hat Enterprise Linux 10 | papers | Not affected | | |
| Red Hat Enterprise Linux 10 | rpm-ostree | Not affected | | |
| Red Hat Enterprise Linux 6 | glib2 | Affected | | |
| Red Hat Enterprise Linux 7 | glib2 | Affected | | |
| Red Hat Enterprise Linux 8 | glib2 | Affected | | |

Additional information

Status: Moderate
Defect: CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2419093 (glib: GLib: Buffer underflow in GVariant parser leads to heap corruption)

EPSS

Percentile: 46%
0.00232
Low

CVSS3: 5.6 Medium

Related vulnerabilities

CVSS3: 5.6
ubuntu
4 months ago

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CVSS3: 5.6
nvd
4 months ago

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CVSS3: 5.6
msrc
3 months ago

Glib: glib: buffer underflow in gvariant parser leads to heap corruption

CVSS3: 5.6
debian
4 months ago

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remo ...

CVSS3: 9.8
redos
about 1 month ago

glib2 vulnerability
