JLSEC-2025-162

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-162.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-162.json

JSON Data

https://api.test.osv.dev/v1/vulns/JLSEC-2025-162

Upstream

CVE-2023-32636

Published

2025-10-19T22:31:43.957Z

Modified

2025-11-03T00:04:47.589107Z

Summary

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of servi...

Details

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

Database specific

{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "modified": "2024-11-21T08:03:44.800Z",
            "published": "2023-09-14T20:15:09.653Z",
            "id": "CVE-2023-32636",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-32636",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636",
            "imported": "2025-10-19T21:13:24.605Z"
        }
    ]
}

References

Affected packages

Julia / Glib_jll

Package

Name: Glib_jll
Purl: pkg:julia/Glib_jll?uuid=7746bdde-850d-59dc-9ae8-88ece973131d

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.76.5+0