Fluid Attacks Database

Description

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| =2.66.8-1+deb11u5 \|\| =2.66.8-1+deb11u6 \|\| >=0 <2.66.8-1+deb11u7	2.66.8-1+deb11u7
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| =2.74.6-2+deb12u5 \|\| =2.74.6-2+deb12u6 \|\| >=0 <2.74.6-2+deb12u7	2.74.6-2+deb12u7
debian 13	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| >=0 <2.84.4-3~deb13u1	2.84.4-3~deb13u1
debian 14	glib2.0	=2.84.3-1 \|\| >=0 <2.84.4-1	2.84.4-1
rpm rhel7	glib2	-	-
rpm rhel10	glycin-loaders	-	-
rpm rhel10	bootc	-	-
rpm rhel9	bootc	-	-
rpm rhel10	glib2	-	-
rpm rhel6	glib2	-	-

1-10 of 19

Aliases

1. CVE-2025-70392. NVD-2025-70393. OSV-DEBIAN-2025-70394. OSV-2025-70395. SECURITY-TRACKER-CVE-2025-7039

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.