CVE-2025-14512 - Vulnerability Details

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00504.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

GNOME

glib

unaffected

Version	Status	Constraints
`0`	affected	< 2.86.3

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:2.80.4-10.el10_1.13`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:2.80.4-12.el10_2.13`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 10.0 Extended Update Support

affected

Version	Status	Constraints
`0:2.80.4-4.el10_0.9`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.56.4-169.el8_10`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.56.4-10.el8_4.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

affected

Version	Status	Constraints
`0:2.56.4-10.el8_4.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.56.4-158.el8_6.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

affected

Version	Status	Constraints
`0:2.56.4-165.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.56.4-165.el8_8`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-18.el9_7.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-19.el9_8.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-18.el9_7.2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.68.4-19.el9_8.1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.68.4-5.el9_0.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`0:2.68.4-7.el9_2.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

affected

Version	Status	Constraints
`0:2.68.4-14.el9_4.6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

affected

Version	Status	Constraints
`0:2.68.4-16.el9_6.5`	unaffected	< *

Red Hat

Red Hat AI Inference Server 3.2

affected

Version	Status	Constraints
`1780681984`	unaffected	< *

Red Hat

Red Hat Discovery 2

affected

Version	Status	Constraints
`1782159791`	unaffected	< *

Red Hat

Red Hat Discovery 2

affected

Version	Status	Constraints
`1782166952`	unaffected	< *

Red Hat

Red Hat Hardened Images

affected

Version	Status	Constraints
`2.88.0-1.1.hum1`	unaffected	< *

Red Hat

Red Hat Insights proxy 1.5

affected

Version	Status	Constraints
`1780420428`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`1779798159`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`1779798164`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`1779798165`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`1779798222`	unaffected	< *

Red Hat Red Hat Enterprise Linux 10 affected —

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat Enterprise Linux 8 affected —

Red Hat Red Hat Enterprise Linux 9 affected —

Red Hat Red Hat In-Vehicle Operating System 1 affected —

Red Hat Red Hat OpenShift Container Platform 4 affected —

Configuration 1 [-]

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:openshift:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0::::-:::
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors	Products
Gnome Subscribe	Glib Subscribe
Redhat Subscribe	Ai Inference Server Subscribe Discovery Subscribe Enterprise Linux Subscribe Enterprise Linux Eus Subscribe Hummingbird Subscribe Insights Proxy Subscribe Openshift Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Eus Subscribe Rhel Eus Long Life Subscribe Rhel Tus Subscribe Rhivos Subscribe Rhui Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4412-1	glib2.0 security update

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:15953
https://access.redhat.com/errata/RHSA-2026:15969
https://access.redhat.com/errata/RHSA-2026:15971
https://access.redhat.com/errata/RHSA-2026:19148
https://access.redhat.com/errata/RHSA-2026:19361
https://access.redhat.com/errata/RHSA-2026:19452
https://access.redhat.com/errata/RHSA-2026:19457
https://access.redhat.com/errata/RHSA-2026:19459
https://access.redhat.com/errata/RHSA-2026:19460
https://access.redhat.com/errata/RHSA-2026:19523
https://access.redhat.com/errata/RHSA-2026:19524
https://access.redhat.com/errata/RHSA-2026:19565
https://access.redhat.com/errata/RHSA-2026:19567
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:22634
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:29197
https://access.redhat.com/errata/RHSA-2026:7461
https://access.redhat.com/security/cve/CVE-2025-14512
https://bugzilla.redhat.com/show_bug.cgi?id=2421339
https://gitlab.gnome.org/GNOME/glib/-/issues/3845
https://nvd.nist.gov/vuln/detail/CVE-2025-14512
https://www.cve.org/CVERecord?id=CVE-2025-14512

History

Thu, 25 Jun 2026 03:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery
CPEs		cpe:/a:redhat:discovery:2::el9
Vendors & Products		Redhat discovery
References		https://access.redhat.com/errata/RHSA-2026:29197

Wed, 10 Jun 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ai Inference Server
CPEs		cpe:/a:redhat:ai_inference_server:3.2::el9
Vendors & Products		Redhat ai Inference Server
References		https://access.redhat.com/errata/RHSA-2026:25096

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2026:22634

Wed, 27 May 2026 08:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhui
CPEs		cpe:/a:redhat:rhui:5::el9
Vendors & Products		Redhat rhui
References		https://access.redhat.com/errata/RHSA-2026:21275

Wed, 20 May 2026 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux Eus
CPEs		cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products		Redhat enterprise Linux Eus
References		https://access.redhat.com/errata/RHSA-2026:19567

Wed, 20 May 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Eus Long Life
CPEs		cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2026:19524 https://access.redhat.com/errata/RHSA-2026:19565

Wed, 20 May 2026 05:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_eus:9.6::appstream cpe:/a:redhat:rhel_eus:9.6::crb cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_eus:9.6::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products		Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2026:19457 https://access.redhat.com/errata/RHSA-2026:19523

Wed, 20 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb cpe:/o:redhat:rhel_e4s:9.0::baseos cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel E4s Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2026:19452 https://access.redhat.com/errata/RHSA-2026:19459 https://access.redhat.com/errata/RHSA-2026:19460

Tue, 19 May 2026 22:45:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2026:19361

Tue, 19 May 2026 22:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.2
References		https://access.redhat.com/errata/RHSA-2026:19148

Mon, 11 May 2026 22:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10.1
References		https://access.redhat.com/errata/RHSA-2026:15969

Mon, 11 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2026:15953

Mon, 11 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2026:15971

Sun, 19 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2026:7461

Mon, 13 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat hummingbird
CPEs		cpe:/a:redhat:hummingbird:1
Vendors & Products		Redhat hummingbird

Thu, 19 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
References		https://gitlab.gnome.org/GNOME/glib/-/issues/3845

Fri, 06 Feb 2026 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gnome Gnome glib
CPEs		cpe:2.3:a:gnome:glib:::::::: cpe:2.3:a:redhat:openshift:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0::::-::: cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Gnome Gnome glib

Thu, 11 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 11 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-14512 https://www.cve.org/CVERecord?id=CVE-2025-14512
Metrics	threat_severity `None`	threat_severity `Moderate`

Thu, 11 Dec 2025 07:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Title		Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-190
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-14512 https://bugzilla.redhat.com/show_bug.cgi?id=2421339
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-12-11T07:11:02.182Z

Updated: 2026-06-25T03:27:49.573Z

Reserved: 2025-12-11T06:28:34.708Z

Link: CVE-2025-14512

Vulnrichment

Updated: 2025-12-11T14:57:03.170Z

NVD

Status : Modified

Published: 2025-12-11T07:16:00.463

Modified: 2026-06-17T08:36:02.787

Link: CVE-2025-14512

Redhat

Severity : Moderate

Publid Date: 2025-12-11T00:00:00Z

Links: CVE-2025-14512 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T15:30:06Z

Weaknesses

CWE-190

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object