CVE-2025-14087
MEDIUMGLib < 2.86.3 - Heap Corruption via GVariant Parser Buffer Underflow
Title source: llmDescription
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
References (21)
Core 21
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22634
https://access.redhat.com/errata/RHSA-2026:22634
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25096
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15953
https://access.redhat.com/errata/RHSA-2026:15953
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15969
https://access.redhat.com/errata/RHSA-2026:15969
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15971
https://access.redhat.com/errata/RHSA-2026:15971
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:7461
https://access.redhat.com/errata/RHSA-2026:7461
Mitigation, Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-14087
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2419093
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19148
https://access.redhat.com/errata/RHSA-2026:19148
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19361
https://access.redhat.com/errata/RHSA-2026:19361
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19452
https://access.redhat.com/errata/RHSA-2026:19452
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19457
https://access.redhat.com/errata/RHSA-2026:19457
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19459
https://access.redhat.com/errata/RHSA-2026:19459
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19460
https://access.redhat.com/errata/RHSA-2026:19460
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19523
https://access.redhat.com/errata/RHSA-2026:19523
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19524
https://access.redhat.com/errata/RHSA-2026:19524
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19565
https://access.redhat.com/errata/RHSA-2026:19565
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19566
https://access.redhat.com/errata/RHSA-2026:19566
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19567
https://access.redhat.com/errata/RHSA-2026:19567
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:21275
Scores
CVSS v3
5.6
EPSS
0.0075
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (37)
gnome/glib
< 2.86.3
GNOME/glib
< 2.86.3
Red Hat/Red Hat AI Inference Server 3.2
1780681984
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10
0:2.80.4-10.el10_1.13
Red Hat/Red Hat Enterprise Linux 10
0:2.80.4-12.el10_2.13
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:2.80.4-4.el10_0.9
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support
0:2.56.1-12.el7_9
... and 27 more
Published
Dec 10, 2025
Tracked Since
Feb 18, 2026