An update for glib2 is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2904 Final 1.0 1.0 2025-12-30 Initial 2025-12-30 2025-12-30 openEuler SA Tool V1.0 2025-12-30 glib2 security update An update for glib2 is now available for openEuler-24.03-LTS-SP2 GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fix(es): A vulnerability was found in GNOME GLib (the affected version unknown). It has been declared as critical. The CWE definition for the vulnerability is CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-14087) A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.(CVE-2025-14512) An update for glib2 is now available for openEuler-20.03-LTS-SP4/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium glib2 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2904 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14087 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14512 https://nvd.nist.gov/vuln/detail/CVE-2025-14087 https://nvd.nist.gov/vuln/detail/CVE-2025-14512 openEuler-24.03-LTS-SP2 glib2-2.78.3-12.oe2403sp2.aarch64.rpm glib2-debuginfo-2.78.3-12.oe2403sp2.aarch64.rpm glib2-debugsource-2.78.3-12.oe2403sp2.aarch64.rpm glib2-devel-2.78.3-12.oe2403sp2.aarch64.rpm glib2-static-2.78.3-12.oe2403sp2.aarch64.rpm glib2-tests-2.78.3-12.oe2403sp2.aarch64.rpm glib2-2.78.3-12.oe2403sp2.src.rpm glib2-2.78.3-12.oe2403sp2.x86_64.rpm glib2-debuginfo-2.78.3-12.oe2403sp2.x86_64.rpm glib2-debugsource-2.78.3-12.oe2403sp2.x86_64.rpm glib2-devel-2.78.3-12.oe2403sp2.x86_64.rpm glib2-static-2.78.3-12.oe2403sp2.x86_64.rpm glib2-tests-2.78.3-12.oe2403sp2.x86_64.rpm glib2-help-2.78.3-12.oe2403sp2.noarch.rpm A vulnerability was found in GNOME GLib (the affected version unknown). It has been declared as critical. The CWE definition for the vulnerability is CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 2025-12-30 CVE-2025-14087 openEuler-24.03-LTS-SP2 Medium 5.6 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L glib2 security update 2025-12-30 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2904 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. 2025-12-30 CVE-2025-14512 openEuler-24.03-LTS-SP2 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H glib2 security update 2025-12-30 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2904