CVEFinder.io

CVE-2025-14512

πŸ”Ά medium
Summary

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

CVSS Score
6.5
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2025-12-11
First Seen: 2026-01-05
Last Modified 2026-02-06
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-190

πŸ”— References 2

https://access.redhat.com/security/cve/CVE-2025-14512
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2421339
Issue Tracking Third Party Advisory

πŸ“¦ Affected Products 8

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
gnome glib Affected
< 2.86.3
gnome glib Affected
< 2.86.3
redhat openshift Affected
v4.0
red_hat red_hat_enterprise_linux_6 Affected All versions

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14087 πŸ”Ά medium 5.6 0.3 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a... 2025-12-10
CVE-2025-66287 ⚠️ high 8.8 0.1 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper me... 2025-12-04
CVE-2025-12744 ⚠️ high 8.8 0.0 A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from... 2025-12-03
CVE-2025-13601 ⚠️ high 7.7 0.0 A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_u... 2025-11-26
CVE-2025-13502 ⚠️ high 7.5 0.1 A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, lea... 2025-11-25
CVE-2025-13193 πŸ”Ά medium 5.5 0.0 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, ma... 2025-11-17
These CVEs affect the same products