Source: glib2.0
Version: 2.75.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for glib2.0.

CVE-2025-6052[0]:
| A flaw was found in how GLib’s GString manages memory when adding
| data to strings. If a string is already very large, combining it
| with more input can cause a hidden overflow in the size calculation.
| This makes the system think it has enough memory when it doesn’t. As
| a result, data may be written past the end of the allocated memory,
| leading to crashes or memory corruption.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6052
    https://www.cve.org/CVERecord?id=CVE-2025-6052
[1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655
[2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4656
[3] https://gitlab.gnome.org/GNOME/glib/-/commit/987309f23ada52592bffdb5db0d8a5d58bd8097b

Regards,
Salvatore
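
The class of size-calculation overflow the CVE description refers to, shown as an added example that is not part of the original report and is not GLib's code. The function names and the simplified bookkeeping (`len`, `allocated`, `extra`) are assumptions made for illustration; the values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a growable string's size bookkeeping.
 * Assumption: illustrative names only; this is not GLib's GString code. */

/* Unchecked form: len + extra + 1 (room for the NUL) is computed directly.
 * If the sum exceeds SIZE_MAX it wraps to a small value, so the comparison
 * reports that the existing allocation is large enough. */
bool fits_unchecked(size_t len, size_t allocated, size_t extra)
{
    size_t needed = len + extra + 1;      /* may wrap around */
    return needed <= allocated;
}

/* Checked form: compare against the remaining headroom before adding.
 * Returns the required size, or 0 when the request cannot be represented
 * (0 is never a valid result because the NUL always needs one byte). */
size_t needed_checked(size_t len, size_t extra)
{
    if (len > SIZE_MAX - 1 || extra > SIZE_MAX - 1 - len)
        return 0;
    return len + extra + 1;
}

int main(void)
{
    /* Constructed values: a string 16 bytes short of SIZE_MAX, plus 32 more. */
    size_t len = SIZE_MAX - 16, allocated = len + 1, extra = 32;

    printf("unchecked: fits=%d (wrapped needed=%zu)\n",
           fits_unchecked(len, allocated, extra), len + extra + 1);
    printf("checked:   needed=%zu (0 means rejected)\n",
           needed_checked(len, extra));
    printf("normal:    needed=%zu\n", needed_checked(10, 5));
    return 0;
}
```

A caller of the checked form treats a 0 result as a hard failure and does not copy any data.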