Medium severity5.6NVD Advisory· Published Dec 10, 2025· Updated May 11, 2026

CVE-2025-14087

Description

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Affected products

GNOME Foundation/Glib
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Range: <2.86.3
Red Hat/Enterprise Linux4 versions
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Patches

7a54787e16ce

https://github.com/gnome/glibvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/security/cve/CVE-2025-14087nvdMitigationThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
access.redhat.com/errata/RHSA-2026:15953nvd
access.redhat.com/errata/RHSA-2026:15969nvd
access.redhat.com/errata/RHSA-2026:15971nvd
access.redhat.com/errata/RHSA-2026:7461nvd
gitlab.gnome.org/GNOME/glib/-/issues/3834nvd

News mentions

No linked articles in our index yet.

cvss	0.364
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000