JLSEC-2026-489 Medium 6.5

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service ...

JLSEC Published: May 7, 2026
Modified: May 7, 2026
Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Packages: Glib_jll < 2.86.3+0
Aliases / Upstream: CVE-2025-14512 GHSA-2p5v-p767-wqv5 EUVD-2025-202664

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escapebytestring() function when processing malicious file or remote filesystem attribute values.

References

https://access.redhat.com/errata/RHSA-2026:7461
https://access.redhat.com/security/cve/CVE-2025-14512
https://bugzilla.redhat.com/show_bug.cgi?id=2421339
https://github.com/advisories/GHSA-2p5v-p767-wqv5
https://gitlab.gnome.org/GNOME/glib/-/issues/3845
https://nvd.nist.gov/vuln/detail/CVE-2025-14512