CVE-2025-6052

ℹ️ low

Summary

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

CVSS Score

3.7

Low

EPSS Score

0.1

Exploit Probability

Published Date

2025-06-13

First Seen: 2026-01-05

Last Modified 2025-08-20

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE IDs (Weakness Types)

CWE-190

🔗 References 2

https://access.redhat.com/security/cve/CVE-2025-6052

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2372666

Issue Tracking Third Party Advisory

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
gnome	glib	Affected	≥ 2.75.3 ≤ 2.84.3

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-14512	🔶 medium	6.5	0.1	A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer ov...	2025-12-11
CVE-2025-14087	🔶 medium	5.6	0.3	A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a...	2025-12-10
CVE-2025-13601	⚠️ high	7.7	0.0	A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_u...	2025-11-26
CVE-2025-4056	⚠️ high	7.5	0.1	A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a progr...	2025-07-28
CVE-2024-52533	⛔ critical	9.8	3.1	gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CON...	2024-11-11
CVE-2024-34397	🔶 medium	5.2	0.2	An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subs...	2024-05-07

These CVEs affect the same products