CVE-2025-14512
MEDIUMglib < 2.86.3 - Heap Buffer Overflow and Denial of Service via GIO escape_byte_string() Integer Overflow
Title source: llmDescription
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
References (20)
Core 20
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:21275
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:22634
https://access.redhat.com/errata/RHSA-2026:22634
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25096
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:7461
https://access.redhat.com/errata/RHSA-2026:7461
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15953
https://access.redhat.com/errata/RHSA-2026:15953
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15969
https://access.redhat.com/errata/RHSA-2026:15969
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:15971
https://access.redhat.com/errata/RHSA-2026:15971
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-14512
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2421339
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19148
https://access.redhat.com/errata/RHSA-2026:19148
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19361
https://access.redhat.com/errata/RHSA-2026:19361
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19452
https://access.redhat.com/errata/RHSA-2026:19452
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19457
https://access.redhat.com/errata/RHSA-2026:19457
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19459
https://access.redhat.com/errata/RHSA-2026:19459
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19460
https://access.redhat.com/errata/RHSA-2026:19460
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19523
https://access.redhat.com/errata/RHSA-2026:19523
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19524
https://access.redhat.com/errata/RHSA-2026:19524
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19565
https://access.redhat.com/errata/RHSA-2026:19565
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:19567
https://access.redhat.com/errata/RHSA-2026:19567
Scores
CVSS v3
6.5
EPSS
0.0050
EPSS Percentile
39.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-190
Status
published
Products (38)
gnome/glib
< 2.86.3
GNOME/glib
< 2.86.3
Red Hat/Red Hat AI Inference Server 3.2
1780681984
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10
0:2.80.4-10.el10_1.13
Red Hat/Red Hat Enterprise Linux 10
0:2.80.4-12.el10_2.13
Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support
0:2.80.4-4.el10_0.9
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
... and 28 more
Published
Dec 11, 2025
Tracked Since
Feb 18, 2026