CVEFinder.io

CVE-2025-14087

πŸ”Ά medium
Summary

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

CVSS Score
5.6
Medium
EPSS Score
0.3
Exploit Probability
Published Date
2025-12-10
First Seen: 2026-01-05
Last Modified 2026-02-06
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE IDs (Weakness Types)
CWE-190

πŸ”— References 2

https://access.redhat.com/security/cve/CVE-2025-14087
Mitigation Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2419093
Issue Tracking Third Party Advisory

πŸ“¦ Affected Products 7

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
gnome glib Affected
< 2.86.3
gnome glib Affected
< 2.86.3
red_hat red_hat_enterprise_linux_6 Affected All versions

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14512 πŸ”Ά medium 6.5 0.1 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov... 2025-12-11
CVE-2025-66287 ⚠️ high 8.8 0.1 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper me... 2025-12-04
CVE-2025-12744 ⚠️ high 8.8 0.0 A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from... 2025-12-03
CVE-2025-13601 ⚠️ high 7.7 0.0 A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_u... 2025-11-26
CVE-2025-13502 ⚠️ high 7.5 0.1 A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, lea... 2025-11-25
CVE-2025-13193 πŸ”Ά medium 5.5 0.0 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, ma... 2025-11-17
These CVEs affect the same products