SUSE-SU-2025:4441-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20254441-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4441-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:4441-1
- Upstream
- Related
- Published
- 2025-12-17T16:15:21Z
- Modified
- 2026-03-11T07:31:09.680774Z
- Summary
- Security update for glib2
- Details
-
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO
escape_byte_string()function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser
bytestring_parse()andstring_parse()functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the
g_escape_uri_string()function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
- CVE-2025-14512: integer overflow in the GIO
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20254441-1/
- https://bugzilla.suse.com/1254297
- https://bugzilla.suse.com/1254662
- https://bugzilla.suse.com/1254878
- https://www.suse.com/security/cve/CVE-2025-13601
- https://www.suse.com/security/cve/CVE-2025-14087
- https://www.suse.com/security/cve/CVE-2025-14512
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / glib2
Package
- Name
- glib2
- Purl
- pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.2-12.52.1
Ecosystem specific
{
"binaries": [
{
"libglib-2_0-0-32bit": "2.48.2-12.52.1",
"libgio-2_0-0": "2.48.2-12.52.1",
"glib2-tools": "2.48.2-12.52.1",
"glib2-devel-static": "2.48.2-12.52.1",
"libgmodule-2_0-0": "2.48.2-12.52.1",
"libgobject-2_0-0-32bit": "2.48.2-12.52.1",
"libgobject-2_0-0": "2.48.2-12.52.1",
"libgthread-2_0-0-32bit": "2.48.2-12.52.1",
"glib2-lang": "2.48.2-12.52.1",
"libgio-2_0-0-32bit": "2.48.2-12.52.1",
"libgthread-2_0-0": "2.48.2-12.52.1",
"glib2-devel": "2.48.2-12.52.1",
"libgmodule-2_0-0-32bit": "2.48.2-12.52.1",
"libglib-2_0-0": "2.48.2-12.52.1"
}
]
}
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / glib2
Package
- Name
- glib2
- Purl
- pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.2-12.52.1
Ecosystem specific
{
"binaries": [
{
"libglib-2_0-0-32bit": "2.48.2-12.52.1",
"libgio-2_0-0": "2.48.2-12.52.1",
"glib2-tools": "2.48.2-12.52.1",
"glib2-devel-static": "2.48.2-12.52.1",
"libgmodule-2_0-0": "2.48.2-12.52.1",
"libgobject-2_0-0-32bit": "2.48.2-12.52.1",
"libgobject-2_0-0": "2.48.2-12.52.1",
"libgthread-2_0-0-32bit": "2.48.2-12.52.1",
"glib2-lang": "2.48.2-12.52.1",
"libgio-2_0-0-32bit": "2.48.2-12.52.1",
"libgthread-2_0-0": "2.48.2-12.52.1",
"glib2-devel": "2.48.2-12.52.1",
"libgmodule-2_0-0-32bit": "2.48.2-12.52.1",
"libglib-2_0-0": "2.48.2-12.52.1"
}
]
}