Fluid Attacks Database

Description

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	glib2.0	>=0 <2.84.3-1	2.84.3-1
debian 14	glib2.0	>=0 <2.84.3-1	2.84.3-1
rpm rhel10	glib2	-	-
rpm rhel10	mingw-glib2	-	-
rpm rhel9	mingw-glib2	-	-

Aliases

1. CVE-2025-60522. NVD-2025-60523. OSV-DEBIAN-2025-60524. OSV-2025-60525. SECURITY-TRACKER-CVE-2025-6052

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.