QSearchQSearch

CVE-2025-6052

3.7 LOW

A flaw was found in how GLib’s GString manages memory when adding data to strings

Published: 2025-06-13 · Last updated: 2026-06-02

Severity and scoring

CVSS
3.7 LOW
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
CWE-190

Affected products

VendorProduct
gnomeglib

Description

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-5201 A flaw was found in the gdk-pixbuf library (7.5 HIGH)
  • CVE-2026-5119 A flaw was found in libsoup (5.9 MEDIUM)
  • CVE-2026-4271 A flaw was found in libsoup, a library for handling HTTP requests (5.3 MEDIUM)
  • CVE-2025-14512 A flaw was found in glib (6.5 MEDIUM)
  • CVE-2025-14087 A flaw was found in GLib (Gnome Lib) (5.6 MEDIUM)

Same CWE

  • CVE-2025-66280 An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions
  • CVE-2026-34711 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability (7.5 HIGH)
  • CVE-2026-47925 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could... (5.5 MEDIUM)
  • CVE-2023-29146 The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed dat... (8.2 HIGH)
  • CVE-2026-47291 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network (9.8 CRITICAL)