GLib Heap Buffer Overflow Vulnerability in GIO Escape Function Allowing Denial-of-Service

Vulnerability

A heap buffer overflow vulnerability has been identified in GLib, specifically within the GIO (GLib Input/Output) escape_byte_string() function. This vulnerability arises from an integer overflow that occurs when the function processes malicious file or remote filesystem attribute values. The integer overflow leads to improper memory allocation, allowing an attacker to craft inputs that cause the escaping loop to write beyond the allocated buffer. As a result, this vulnerability can be exploited to create a denial-of-service condition by crashing the affected process.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, leading to memory corruption and a crash of the affected process. However, such heap buffer overflows can often be exploited to execute arbitrary code.

Added: Dec 11, 2025, 7:19 AM

Updated: Dec 11, 2025, 7:19 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.7

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.7

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GLib Heap Buffer Overflow Vulnerability in GIO Escape Function Allowing Denial-of-Service

Vulnerability

Impact

Affected Products

GNOME GLib

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating