A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00062.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
GNOME glib unaffected
Version Status Constraints
0 affected < 2.86.3
Red Hat Red Hat Enterprise Linux 10 affected
Version Status Constraints
0:2.80.4-10.el10_1.13 unaffected < *
Red Hat Red Hat Enterprise Linux 10 affected
Version Status Constraints
0:2.80.4-12.el10_2.13 unaffected < *
Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support affected
Version Status Constraints
0:2.80.4-4.el10_0.9 unaffected < *
Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support affected
Version Status Constraints
0:2.56.1-12.el7_9 unaffected < *
Red Hat Red Hat Enterprise Linux 8 affected
Version Status Constraints
0:2.56.4-169.el8_10 unaffected < *
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support affected
Version Status Constraints
0:2.56.4-10.el8_4.5 unaffected < *
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On affected
Version Status Constraints
0:2.56.4-10.el8_4.5 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support affected
Version Status Constraints
0:2.56.4-158.el8_6.5 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service affected
Version Status Constraints
0:2.56.4-158.el8_6.5 unaffected < *
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions affected
Version Status Constraints
0:2.56.4-158.el8_6.5 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service affected
Version Status Constraints
0:2.56.4-165.el8_8 unaffected < *
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions affected
Version Status Constraints
0:2.56.4-165.el8_8 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:2.68.4-18.el9_7.2 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:2.68.4-19.el9_8.1 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:2.68.4-18.el9_7.2 unaffected < *
Red Hat Red Hat Enterprise Linux 9 affected
Version Status Constraints
0:2.68.4-19.el9_8.1 unaffected < *
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions affected
Version Status Constraints
0:2.68.4-5.el9_0.5 unaffected < *
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions affected
Version Status Constraints
0:2.68.4-7.el9_2.5 unaffected < *
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support affected
Version Status Constraints
0:2.68.4-14.el9_4.6 unaffected < *
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support affected
Version Status Constraints
0:2.68.4-16.el9_6.5 unaffected < *
Red Hat Red Hat Hardened Images affected
Version Status Constraints
2.88.0-1.1.hum1 unaffected < *
Red Hat Red Hat Enterprise Linux 10 unaffected
Red Hat Red Hat Enterprise Linux 10 unaffected
Red Hat Red Hat Enterprise Linux 10 unaffected
Red Hat Red Hat Enterprise Linux 10 affected
Red Hat Red Hat Enterprise Linux 10 unaffected
Red Hat Red Hat Enterprise Linux 10 unaffected
Red Hat Red Hat Enterprise Linux 6 affected
Red Hat Red Hat Enterprise Linux 8 unaffected
Red Hat Red Hat Enterprise Linux 8 affected
Red Hat Red Hat Enterprise Linux 9 unaffected
Red Hat Red Hat Enterprise Linux 9 unaffected
Red Hat Red Hat Enterprise Linux 9 affected

Configuration 1 [-]

cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors Products
Gnome Subscribe
Glib Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Enterprise Linux Eus Subscribe
Hummingbird Subscribe
Rhel Aus Subscribe
Rhel E4s Subscribe
Rhel Els Subscribe
Rhel Eus Subscribe
Rhel Eus Long Life Subscribe
Rhel Tus Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4412-1 glib2.0 security update
Ubuntu USN Ubuntu USN USN-7942-1 GLib vulnerabilities
Ubuntu USN Ubuntu USN USN-7942-2 GLib vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

References
Link Providers
https://access.redhat.com/errata/RHSA-2026:15953 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:15969 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:15971 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19148 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19361 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19452 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19457 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19459 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19460 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19523 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19524 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19565 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19566 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:19567 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:7461 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-14087 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2419093 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/glib/-/issues/3834 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-14087 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-14087 cve-icon
History

Wed, 20 May 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux_eus:10.0
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat enterprise Linux Eus
Redhat rhel Els
References

Wed, 20 May 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Wed, 20 May 2026 05:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_eus:9.6::appstream
cpe:/a:redhat:rhel_eus:9.6::crb
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_eus:9.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Tus
References

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus:9.4::crb
cpe:/o:redhat:rhel_e4s:9.0::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel E4s
Redhat rhel Eus
References

Tue, 19 May 2026 22:45:00 +0000

Type Values Removed Values Added
References

Tue, 19 May 2026 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.2
References

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10.1
References

Mon, 11 May 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8::crb
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:enterprise_linux:9::crb
cpe:/o:redhat:enterprise_linux:9::baseos
References

Sun, 19 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
References

Mon, 13 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Wed, 18 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
References

Fri, 06 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Gnome
Gnome glib
CPEs cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Gnome
Gnome glib

Wed, 10 Dec 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 10 Dec 2025 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 10 Dec 2025 09:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
Title Glib: glib: buffer underflow in gvariant parser leads to heap corruption
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-190
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-20T10:09:56.793Z

Reserved: 2025-12-05T08:42:34.987Z

Link: CVE-2025-14087

cve-icon Vulnrichment

Updated: 2025-12-10T14:45:51.052Z

cve-icon NVD

Status : Modified

Published: 2025-12-10T09:15:47.053

Modified: 2026-05-20T11:16:25.250

Link: CVE-2025-14087

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-12-05T00:00:00Z

Links: CVE-2025-14087 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T15:30:06Z

Weaknesses