Overview

File _patchinfo of Package patchinfo.41970

<patchinfo incident="41970">
  <issue tracker="cve" id="2025-14512"/>
  <issue tracker="cve" id="2025-14087"/>
  <issue tracker="cve" id="2025-13601"/>
  <issue tracker="bnc" id="1254878">VUL-0: CVE-2025-14512: glib2: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow</issue>
  <issue tracker="bnc" id="1254662">VUL-0: CVE-2025-14087: glib2:  buffer underflow in GVariant parser leads to heap corruption</issue>
  <issue tracker="bnc" id="1254297">VUL-0: CVE-2025-13601: glib2: Integer overflow in in g_escape_uri_string()</issue>
  <category>security</category>
  <rating>important</rating>
  <packager>mgorse</packager>
  <summary>Security update for glib2</summary>
  <description>This update for glib2 fixes the following issues:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
  filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
  processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
  large number of unacceptable characters may lead to crash or code execution (bsc#1254297).

  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places