Bug 2372666 (CVE-2025-6052) - CVE-2025-6052 glib: Integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString
Keywords:
Status: NEW
Alias: CVE-2025-6052
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2372670 2372671 2372672 2372673
Blocks:
Reported: 2025-06-13 12:10 UTC by OSIDB Bzimport
Modified: 2025-06-13 15:37 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-06-13 12:10:12 UTC
An integer overflow vulnerability exists in the g_string_maybe_expand() function of the GLib library. When extremely large strings are used and more data is appended, an internal size calculation can wrap around, making the system incorrectly assume that there’s enough space in the buffer. This leads to a buffer overflow, causing memory corruption or a crash. Although difficult to exploit in practice due to the extremely large memory conditions required, this issue could be triggered remotely if an application accepts large untrusted input and uses GString for string operations.

Comment 1 Abhishek Raj 2025-06-13 12:38:39 UTC
Affected versions: GLib 2.75.3 until 2.84.3
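
The size-calculation wrap-around named in the description, as an added C example that is not GLib's source and not part of the original report: a simplified model of a growable string's capacity check, with the unchecked sum beside an overflow-checked form. The `model_string` type, the function names and the sample sizes are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a growable string header (not GLib's GString). */
typedef struct {
    size_t len;           /* bytes in use, excluding the NUL terminator */
    size_t allocated_len; /* bytes currently allocated */
} model_string;

typedef enum { FITS, MUST_GROW, TOO_LARGE } growth_result;

/* Unchecked form: len + extra is computed modulo SIZE_MAX + 1, so a sum that
 * wraps looks small and the check reports that the buffer is big enough. */
bool needs_growth_unchecked(const model_string *s, size_t extra)
{
    return s->len + extra >= s->allocated_len;
}

/* Checked form: compare against the remaining headroom before adding, so the
 * addition can never wrap. One extra byte is reserved for the terminator. */
growth_result needs_growth_checked(const model_string *s, size_t extra,
                                   size_t *required)
{
    if (extra >= SIZE_MAX - s->len)   /* len + extra + 1 would exceed SIZE_MAX */
        return TOO_LARGE;             /* caller must refuse the append */
    *required = s->len + extra + 1;
    return *required > s->allocated_len ? MUST_GROW : FITS;
}

int main(void)
{
    /* Constructed header values only; no memory of this size is allocated. */
    model_string huge = { SIZE_MAX - 15, SIZE_MAX - 7 };
    size_t required = 0;

    printf("wrapped sum: %zu\n", huge.len + (size_t)64);
    printf("unchecked says grow: %d\n", needs_growth_unchecked(&huge, 64));
    printf("checked result: %d\n", needs_growth_checked(&huge, 64, &required));
    return 0;
}
```

In the unchecked form the wrapped sum is 48, which compares as smaller than the allocated length, so a following copy of 64 bytes would run past the end of the buffer; the checked form reports `TOO_LARGE` and leaves the decision to abort or return an error to the caller.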

