CNNVD-202511-2890 Information

CNNVD ID

CNNVD-202511-2890

CVE-2025-13601

  • CNNVD Published: 2025-11-26

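Description (translated from Chinese)

glib is a general-purpose, portable utility library from the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, a main loop abstraction, and more. glib contains a security vulnerability that stems from an incorrect buffer size calculation in the g_escape_uri_string function, which may lead to a heap buffer overflow.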

Description (English)

glib is a general-purpose, portable utility library for the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, main loop abstractions, and more. glib contains a security vulnerability that stems from an error in the buffer size calculation in the g_escape_uri_string function, which could lead to a heap buffer overflow.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

GNOME

Published

2025-11-26

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-13601
  • https://bugzilla.redhat.com/show_bug.cgi?id=2416741
  • https://gitlab.gnome.org/GNOME/glib/-/issues/3827
  • https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914

Patch

https://download.gnome.org/sources/glib/
