JLSEC-2025-163 A flaw was found in GLib

🗓️ 19 Oct 2025 22:31:43Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

GLib GVariant deserialization has a heap overflow from CVE-2023-32665 backport.

Reporter	Title	Published	Views	Family All 74
IBM Security Bulletins	Security Bulletin: Multiple CVEs may affect Operating System packages shipped with IBM CICS TX Advanced 10.1	4 Sep 202311:15	–	ibm
Tenable Nessus	Amazon Linux 2 : glib2 (ALAS-2025-2767)	26 Feb 202500:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : glib2 (EulerOS-SA-2023-2582)	8 Aug 202300:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : glib2 (EulerOS-SA-2023-2612)	8 Aug 202300:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.1 : glib2 (EulerOS-SA-2023-2956)	16 Jan 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.0 : glib2 (EulerOS-SA-2023-2982)	16 Jan 202400:00	–	nessus
Tenable Nessus	Fedora 37 : mingw-glib2 (2023-1a7e2b3dda)	16 Jun 202300:00	–	nessus
Tenable Nessus	Fedora 38 : mingw-glib2 (2023-9e5a29a25d)	16 Jun 202300:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: glib (CVE-2023-32643)	25 Feb 202500:00	–	nessus
Tenable Nessus	Oracle Java (Apr 2024 CPU)	19 Apr 202400:00	–	nessus

Source	Link
gitlab	www.gitlab.gnome.org/GNOME/glib/-/issues/2840
https	www.https//discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
security	www.security.netapp.com/advisory/ntap-20240426-0005/

06 Nov 2025 23:03Current

7.3High risk

Vulners AI Score7.3

CVSS 3.15.3 - 7.8

EPSS0.00036

SSVC

glib library gvariant deserialization heap overflow backport fix cve 2023 32665