Skip to content

update: glib #2058

Open
Open
update: glib#2058
Labels
advisorysecurity advisorycvss/MEDIUM>= 4 && < 7 assessed CVSSsecuritysecurity concerns
@dongsupark

Description

@dongsupark
dongsupark
opened on Mar 25, 2026

Name: glib
CVEs: CVE-2025-14512, CVE-2026-0988
CVSSs: 6.5, 3.7
Action Needed: update to >= 2.87.1

Summary:

  • CVE-2025-14512: A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
  • CVE-2026-0988: A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

refmap.gentoo: TBD

Metadata

Metadata

Assignees

No one assigned

    Labels

    advisorysecurity advisorycvss/MEDIUM>= 4 && < 7 assessed CVSSsecuritysecurity concerns

    Type

    No type

    Projects

    Flatcar tactical, release planning, and roadmap

    Status

    🪵Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions