CVE Catalog

CVE-2025-14512

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

41th percentile - higher than 41% of all known CVEs

Summary

A flaw in glib allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in the GIO escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Risk Assessment

An attacker can remotely crash applications using glib, leading to service disruption (DoS). In extreme cases, the buffer overflow could enable arbitrary code execution, though the description primarily indicates DoS.

Recommendation

Immediately update glib to a patched version. If an update is not possible, restrict access to untrusted data sources (files, remote filesystems) processed by GIO.

Original NVD description (English source)

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS