CVE-2025-14087

Publication date 10 December 2025

Last updated 11 December 2025

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

Description

Buffer underflow on Glib through glib/gvariant via bytestring_parse() or string_parse() leads to OOB Write

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glib2.0	25.10 questing	Needs evaluation
	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

Notes

mdeslaur

should also include the following commit, which is a different issue with no CVE yet: https://gitlab.gnome.org/GNOME/glib/-/commit/4f0399c0aaf3ffc86b5625424580294bc7460404

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glib2.0	Upstream: 3e72fe0 Upstream: 6fe481c Upstream: dd333a4

Severity score breakdown

Parameter	Value
Base score	5.6 · Medium
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	Low
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L