Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

SUSE Security Update for glib2 Addresses DoS and Buffer Overflow Issues

suse
Calendar Grey January 15, 2026
Dist Suse Esm H88
Update for glib2 resolves four important issues in SUSE, including buffer overflow and DoS risks. Immediate action is advised.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for glib2 fixes the following issues: Update to version 2.84.4. Security issues fixed: * CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). * CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). * CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). * CVE-2025-7039: integer overflow when creating temporary files may lead to an

References

* bsc#1249055

* bsc#1254297

* bsc#1254662

* bsc#1254878

Cross-

* CVE-2025-13601

* CVE-2025-14087

* CVE-2025-14512

* CVE-2025-7039

CVSS scores:

* CVE-2025-13601 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

* CVE-2025-13601 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

* CVE-2025-14087 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14087 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

* CVE-2025-14087 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-14512 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14512 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20074-1
Release Date: 2026-01-12T11:59:25Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.