- Description
- A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
- Products
- glib
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- secalert@redhat.com
- CWE-190
- Hype score
- Not currently trending
⚠️ Critical glib2 vulnerabilities patched! ⚠️ CVE-2025-6052 (CVSS 7.8) & CVE-2025-4373 (CVSS 4.8) impact #SUSE Linux 15 SP6/SP7 & #openSUSE Leap 15.6. Patch immediately! Read more: 👉https://t.co/YqPumZjd5Y https://t.co/K9XqYCWGeb
@Cezar_H_Linux
30 Jun 2025
CVE-2025-6052 A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden ov… https://t.co/Baa5J88YLE
@CVEnew
13 Jun 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0E728915-6D6F-42BB-95CC-D1B6F6B2DDED",
            "versionEndIncluding": "2.84.3",
            "versionStartIncluding": "2.75.3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]