JLSEC-2025-167

A flaw was found in how GLib’s GString manages memory when adding data to strings

JLSEC Published: Oct 19, 2025
Modified: Oct 31, 2025
Affected Packages: Glib_jll >= 2.76.5+0, < 2.86.0+0
Aliases / Upstream: CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

References

https://access.redhat.com/security/cve/CVE-2025-6052
https://bugzilla.redhat.com/show_bug.cgi?id=2372666