Heap Buffer Overflow in GLib's GIO Affects Multiple Products
CVE-2025-14512

6.5MEDIUM

Key Information:

Vendor: Gnome
Status: Glib; Red Hat Hardened Images; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-14512?

A vulnerability exists in GLib that enables a heap buffer overflow due to an integer overflow in the escape_byte_string() function within the GIO module. This flaw can be exploited when processing malicious files or attributes from a remote filesystem, potentially leading to a denial-of-service condition. Attackers may craft specific input that triggers this vulnerability, making it critical for users to implement timely security updates to mitigate risks.

Affected Version(s)

glib 0 < 2.86.3

Red Hat Hardened Images 2.88.0-1.1.hum1

References

https://access.redhat.com/errata/RHSA-2026:7461

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2025-14512

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2421339

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Dec 11, 2025

Credit

Red Hat would like to thank Codean Labs for reporting this issue.

CVE-2025-14512 Data

JSON

Gnome

What is CVE-2025-14512?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit