INFSA-2025:10855: glib2 security update
Information about definition
Identificator: INFSA-2025:10855
Type: security
Release date: 2025-07-17 22:13:04 UTC
Information about package
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Vulnerabilities description
- CVE-2024-52533
A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.
- CVE-2025-4373
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-52533
|
no information | 7.0 | no information |
|
NIST — CVE-2025-4373
|
no information | 4.8 | no information |
Updated packages