rpm package
suse/glib2&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14512 | Med | 6.5 | < 2.62.6-150200.3.36.1 | 2.62.6-150200.3.36.1 | Dec 11, 2025 | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | |
| CVE-2025-14087 | Med | 5.6 | < 2.62.6-150200.3.36.1 | 2.62.6-150200.3.36.1 | Dec 10, 2025 | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | |
| CVE-2025-13601 | Hig | 7.7 | < 2.62.6-150200.3.36.1 | 2.62.6-150200.3.36.1 | Nov 26, 2025 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length | |
| CVE-2024-52533 | — | < 2.62.6-150200.3.24.1 | 2.62.6-150200.3.24.1 | Nov 11, 2024 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | ||
| CVE-2021-28153 | — | < 2.62.6-150200.3.10.1 | 2.62.6-150200.3.10.1 | Mar 11, 2021 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re |
- affected < 2.62.6-150200.3.36.1fixed 2.62.6-150200.3.36.1
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
- affected < 2.62.6-150200.3.36.1fixed 2.62.6-150200.3.36.1
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
- affected < 2.62.6-150200.3.36.1fixed 2.62.6-150200.3.36.1
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length
- CVE-2024-52533Nov 11, 2024affected < 2.62.6-150200.3.24.1fixed 2.62.6-150200.3.24.1
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
- CVE-2021-28153Mar 11, 2021affected < 2.62.6-150200.3.10.1fixed 2.62.6-150200.3.10.1
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security re