INFSA-2025:11327: glib2 security update
Information about definition
Identifier: INFSA-2025:11327
Type: security
Release date: 2025-07-25 10:52:36 UTC
Information about package
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Vulnerabilities description
- CVE-2024-34397
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
- CVE-2024-52533
A flaw was found in the GLib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.
- CVE-2025-4373
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Severity level
CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
---|---|---|---|
NIST — CVE-2024-34397 | no information | 3.8 | no information |
NIST — CVE-2024-52533 | no information | 7.0 | no information |
NIST — CVE-2025-4373 | no information | 4.8 | no information |
Updated packages