CVE-2025-13601
7.7 HIGHA heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function
Published: 2025-11-26 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.7 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- CWE
- CWE-190
Affected products
| Vendor | Product |
|---|---|
| gnome | ceph_storage, codeready_linux_builder, codeready_linux_builder_for_arm64 |
| redhat | ceph_storage, codeready_linux_builder, codeready_linux_builder_for_arm64 |
Description
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-13601
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:0936
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:0975
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:0991
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1323
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1324
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1326
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1327
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1465
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1608
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1624
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1625
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1626
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1627
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1652
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:1736
- [Other]https://access.redhat.com/errata/RHSA-2026:18344
- [Other]https://access.redhat.com/errata/RHSA-2026:18705
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2064
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2072
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2485
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2563
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2633
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2659
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:2671
- [Other]https://access.redhat.com/errata/RHSA-2026:2974
- [Other]https://access.redhat.com/errata/RHSA-2026:3415
- [Other]https://access.redhat.com/errata/RHSA-2026:4419
- [Other]https://access.redhat.com/errata/RHSA-2026:7461
- [Vendor advisory]https://access.redhat.com/security/cve/CVE-2025-13601
- [Vendor advisory]https://bugzilla.redhat.com/show_bug.cgi?id=2416741
- [Exploit reference]https://gitlab.gnome.org/GNOME/glib/-/issues/3827
- [Other]https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
- [Other]https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-11793 — A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11790 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11789 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
Same CWE
- CVE-2026-10649 — A flaw was found in Pacemaker (8.6 HIGH)
- CVE-2026-53705 — A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good (7.6 HIGH)
- CVE-2026-52722 — A signed integer overflow vulnerability was found in GStreamer's VMnc decoder (7.1 HIGH)
- CVE-2025-55647 — An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... (5.5 MEDIUM)
- CVE-2026-6045 — LibreOffice can import EMF+ graphics, which may be embedded in documents