CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

References

Affected packages

Debian:13 / glib2.0

Package

Name: glib2.0
Purl: pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / glib2.0

Package

Name: glib2.0
Purl: pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.3-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/gnome/glib

Affected ranges

Type: GIT
Repo: https://github.com/gnome/glib
Events: Introduced

b65044c52b78fab65a0415e2148f4b98a1680da2

Last affected

78cd78d2988616d9af0e8f43e703717d092cd3ff

Affected versions

2.*

2.75.3

2.75.4

2.76.0

2.76.1

2.77.0

2.77.1

2.77.2

2.77.3

2.78.0

2.79.0

2.79.1

2.79.2

2.79.3

2.80.0

2.81.0

2.81.1

2.81.2

2.83.0

2.83.1

2.83.2

2.83.3

2.83.4

2.83.5

2.84.0

2.84.1

2.84.2

2.84.3