Fluid Attacks Database

Description

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| >=0 <2.86.3-1	2.86.3-1
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| =2.66.8-1+deb11u5 \|\| =2.66.8-1+deb11u6 \|\| >=0 <2.66.8-1+deb11u7	2.66.8-1+deb11u7
debian 13	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3~deb13u1 \|\| >=0 <2.84.4-3~deb13u2	2.84.4-3~deb13u2
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| =2.74.6-2+deb12u5 \|\| =2.74.6-2+deb12u6 \|\| =2.74.6-2+deb12u7 \|\| >=0 <2.74.6-2+deb12u8	2.74.6-2+deb12u8
rpm rhel9	glib2	<0:2.68.4-19.el9_8.1	0:2.68.4-19.el9_8.1
rpm rhel10	mingw-glib2	-	-
rpm rhel10	glib2	<0:2.80.4-12.el10_2.13	0:2.80.4-12.el10_2.13
rpm rhel8	glib2	<0:2.56.4-169.el8_10	0:2.56.4-169.el8_10
rpm rhel6	glib2	-	-
rpm rhel7	glib2	-	-

1-10 of 16

Aliases

1. CVE-2025-145122. NVD-2025-145123. OSV-DEBIAN-2025-145124. OSV-2025-145125. SECURITY-TRACKER-CVE-2025-14512

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.