CNNVD-202509-411 Information

CNNVD ID

CNNVD-202509-411

CVE-2025-7039

  • CNNVD Published: 2025-09-03

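Description (translated from Chinese)

glib is a general-purpose, portable utility library from the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, a main loop abstraction, and more. glib contains a path traversal vulnerability. The flaw stems from an integer overflow during temporary file creation that leads to out-of-bounds memory access, and it may allow an attacker to perform path traversal by creating symbolic links or to access the contents of private temporary files.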

Description (English)

glib is a general-purpose, portable utility library for the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, a main loop abstraction, and so on. glib has a path traversal vulnerability, which stems from an integer overflow at temporary file creation time that leads to out-of-bounds memory access, and which may allow an attacker to carry out path traversal through the creation of a symbolic link or to access the content of private temporary files.

Hazard Level

Critical

Vulnerability Type

Path traversal

Affected Vendor

gnutls

Published

2025-09-03

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-7039
  • https://bugzilla.redhat.com/show_bug.cgi?id=2392423

Patch

https://download.gnome.org/sources/glib/
