Medium severity6.5NVD Advisory· Published Dec 11, 2025· Updated May 11, 2026

CVE-2025-14512

Description

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Affected products

GNOME Foundation/Glib
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Range: <2.86.3
Red Hat/Openshift
cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux4 versions
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Patches

7a54787e16ce

https://github.com/gnome/glibvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/security/cve/CVE-2025-14512nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
access.redhat.com/errata/RHSA-2026:15953nvd
access.redhat.com/errata/RHSA-2026:15969nvd
access.redhat.com/errata/RHSA-2026:15971nvd
access.redhat.com/errata/RHSA-2026:7461nvd
gitlab.gnome.org/GNOME/glib/-/issues/3845nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000