CVE-2025-14087

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

References

Affected packages

Git / github.com/gnome/glib

Affected ranges

Type

GIT

Repo

https://github.com/gnome/glib

Events

Introduced

Fixed

7a54787e16ceb20cecda8ad6caab05b24a61e414

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.86.3"
        }
    ]
}

Affected versions

2.*

2.20.0

2.20.1

2.21.1

2.21.2

2.21.3

2.21.4

2.21.5

2.21.6

2.22.0

2.22.2

2.23.0

2.23.1

2.23.2

2.23.3

2.23.4

2.23.5

2.23.6

2.24.0

2.25.0

2.25.10

2.25.11

2.25.12

2.25.13

2.25.14

2.25.15

2.25.2

2.25.3

2.25.4

2.25.5

2.25.6

2.25.8

2.25.9

2.27.0

2.27.1

2.27.2

2.27.3

2.27.5

2.27.90

2.27.91

2.27.92

2.27.93

2.28.0

2.29.10

2.29.12

2.29.14

2.29.16

2.29.18

2.29.2

2.29.4

2.29.6

2.29.8

2.29.90

2.31.0

2.31.10

2.31.12

2.31.14

2.31.16

2.31.18

2.31.2

2.31.20

2.31.22

2.31.4

2.31.6

2.31.8

2.32.0

2.32.1

2.33.1

2.33.10

2.33.12

2.33.14

2.33.2

2.33.3

2.33.4

2.33.6

2.33.8

2.34.0

2.35.1

2.35.2

2.35.3

2.35.4

2.35.6

2.35.7

2.35.8

2.35.9

2.36.0

2.37.0

2.37.1

2.37.2

2.37.3

2.37.4

2.37.5

2.37.6

2.37.7

2.37.92

2.37.93

2.38.0

2.39.0

2.39.1

2.39.2

2.39.3

2.39.4

2.39.90

2.39.91

2.39.92

2.41.1

2.41.2

2.41.3

2.41.4

2.41.5

2.42.0

2.43.0

2.43.1

2.43.2

2.43.3

2.43.4

2.43.90

2.43.91

2.43.92

2.45.1

2.45.2

2.45.3

2.45.4

2.45.5

2.45.6

2.45.7

2.45.8

2.46.0

2.47.1

2.47.2

2.47.3

2.47.4

2.47.5

2.47.6

2.47.92

2.48.0

2.49.1

2.49.2

2.49.3

2.49.4

2.49.5

2.49.6

2.49.7

2.50.0

2.50.1

2.51.0

2.51.1

2.51.2

2.51.3

2.51.4

2.51.5

2.52.0

2.53.1

2.53.2

2.53.3

2.53.4

2.53.5

2.53.6

2.53.7

2.54.0

2.55.0

2.55.1

2.56.0

2.57.1

2.57.2

2.57.3

2.58.0

2.59.0

2.59.1

2.59.2

2.59.3

2.60.0

2.61.0

2.61.1

2.61.2

2.61.3

2.62.0

2.63.0

2.63.1

2.63.2

2.63.3

2.63.4

2.63.5

2.63.6

2.64.0

2.65.0

2.65.1

2.65.2

2.65.3

2.66.0

2.67.0

2.67.1

2.67.2

2.67.3

2.67.4

2.67.5

2.67.6

2.68.0

2.69.0

2.69.1

2.69.2

2.69.3

2.70.0

2.71.0

2.71.1

2.71.2

2.71.3

2.72.0

2.73.0

2.73.1

2.73.2

2.73.3

2.74.0

2.75.0

2.75.1

2.75.2

2.75.3

2.75.4

2.76.0

2.76.1

2.77.0

2.77.1

2.77.2

2.77.3

2.78.0

2.79.0

2.79.1

2.79.2

2.79.3

2.80.0

2.81.0

2.81.1

2.81.2

2.83.0

2.83.1

2.83.2

2.83.3

2.83.4

2.83.5

2.84.0

2.84.1

2.85.0

2.85.1

2.85.2

2.85.3

2.85.4

2.86.0

2.86.1

2.86.2

Other

FOR_GNOME_0_99_1

GLIB_1_1_0

GLIB_1_1_1

GLIB_1_1_10

GLIB_1_1_11

GLIB_1_1_12

GLIB_1_1_13

GLIB_1_1_14

GLIB_1_1_15

GLIB_1_1_16

GLIB_1_1_2

GLIB_1_1_3

GLIB_1_1_3a

GLIB_1_1_4

GLIB_1_1_5

GLIB_1_1_6

GLIB_1_1_7

GLIB_1_1_8

GLIB_1_1_8a

GLIB_1_1_9

GLIB_1_2_0

GLIB_1_2_9PRE1

GLIB_1_3_0

GLIB_1_3_1

GLIB_1_3_10

GLIB_1_3_11

GLIB_1_3_12

GLIB_1_3_13

GLIB_1_3_14

GLIB_1_3_15

GLIB_1_3_2

GLIB_1_3_3

GLIB_1_3_4

GLIB_1_3_5

GLIB_1_3_6

GLIB_1_3_7

GLIB_1_3_8

GLIB_1_3_9

GLIB_2_0_0

GLIB_2_0_0_RC1

GLIB_2_0_1

GLIB_2_10_0

GLIB_2_10_1

GLIB_2_11_0

GLIB_2_11_1

GLIB_2_11_2

GLIB_2_11_3

GLIB_2_11_4

GLIB_2_12_0

GLIB_2_12_1

GLIB_2_12_2

GLIB_2_13_0

GLIB_2_13_1

GLIB_2_13_2

GLIB_2_13_3

GLIB_2_13_5

GLIB_2_13_6

GLIB_2_13_7

GLIB_2_14_0

GLIB_2_14_1

GLIB_2_14_2

GLIB_2_14_3

GLIB_2_15_1

GLIB_2_15_2

GLIB_2_15_3

GLIB_2_15_4

GLIB_2_15_5

GLIB_2_15_6

GLIB_2_16_1

GLIB_2_17_0

GLIB_2_17_1

GLIB_2_17_2

GLIB_2_17_3

GLIB_2_17_4

GLIB_2_17_5

GLIB_2_17_6

GLIB_2_17_7

GLIB_2_18_0

GLIB_2_18_1

GLIB_2_19_0

GLIB_2_19_1

GLIB_2_19_10

GLIB_2_19_2

GLIB_2_19_3

GLIB_2_19_4

GLIB_2_19_5

GLIB_2_19_6

GLIB_2_19_7

GLIB_2_19_8

GLIB_2_19_9

GLIB_2_1_3

GLIB_2_1_4

GLIB_2_1_5

GLIB_2_20_0

GLIB_2_2_0

GLIB_2_3_0

GLIB_2_3_1

GLIB_2_3_2

GLIB_2_3_3

GLIB_2_3_5

GLIB_2_3_6

GLIB_2_4_0

GLIB_2_4_1

GLIB_2_5_0

GLIB_2_5_1

GLIB_2_5_2

GLIB_2_5_3

GLIB_2_5_5

GLIB_2_5_6

GLIB_2_6_0

GLIB_2_6_1

GLIB_2_7_0

GLIB_2_7_1

GLIB_2_7_2

GLIB_2_7_3

GLIB_2_7_4

GLIB_2_7_5

GLIB_2_7_6

GLIB_2_7_7

GLIB_2_8_0

GLIB_2_8_1

GLIB_2_9_0

GLIB_2_9_1

GLIB_2_9_2

GLIB_2_9_3

GLIB_2_9_4

GLIB_2_9_5

GLIB_2_9_6

GLIB_GNOME_0_99_1

GLIB_VERSION_1_1_3

GNOME_PRINT_0_24

GOBJECT_GType_guint

GTK_2_5_4

GTK_2_7_4

GTK_ALL_1_3_6

PRE_CLEANUP

R_2_0_core

glib-2-0-branchpoint

glib-2-10-branchpoint

glib-2-12-branchpoint

glib-2-2-branchpoint

glib-2-4-branchpoint

glib-2-6-branchpoint

gobject_0_10_0

gobject_0_9_0

start

glib-2.*

glib-2.25.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-14087.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]