Fluid Attacks Database

Description

A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| =2.74.6-2+deb12u5 \|\| =2.74.6-2+deb12u6 \|\| >=0 <2.74.6-2+deb12u7	2.74.6-2+deb12u7
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| =2.66.8-1+deb11u5 \|\| =2.66.8-1+deb11u6 \|\| >=0 <2.66.8-1+deb11u7	2.66.8-1+deb11u7
debian 13	glib2.0	>=0 <2.84.1-3	2.84.1-3
debian 14	glib2.0	>=0 <2.84.1-3	2.84.1-3
rpm rhel9	mingw-glib2	-	-
rpm rhel8.4	glib2	<0:2.56.4-10.el8_4.2	0:2.56.4-10.el8_4.2
rpm rhel9.4	glib2	<0:2.68.4-14.el9_4.3	0:2.68.4-14.el9_4.3
rpm rhel9	glib2	<0:2.68.4-16.el9_6.2	0:2.68.4-16.el9_6.2
rpm rhel8	librsvg2	-	-
rpm rhel10	loupe	-	-

1-10 of 20

Aliases

1. CVE-2025-43732. NVD-2025-43733. OSV-DEBIAN-2025-43734. OSV-2025-43735. SECURITY-TRACKER-CVE-2025-4373

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.