JLSEC-2026-488 Medium 5.6

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap...

JLSEC Published: May 7, 2026
Modified: May 7, 2026
Severity: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Packages: Glib_jll < 2.86.3+0
Aliases / Upstream: CVE-2025-14087 GHSA-frh9-7wfp-w73p EUVD-2025-202405

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

References

https://access.redhat.com/errata/RHSA-2026:7461
https://access.redhat.com/security/cve/CVE-2025-14087
https://bugzilla.redhat.com/show_bug.cgi?id=2419093
https://github.com/advisories/GHSA-frh9-7wfp-w73p
https://gitlab.gnome.org/GNOME/glib/-/issues/3834
https://nvd.nist.gov/vuln/detail/CVE-2025-14087