Updated glib2.0 packages fix security vulnerabilities
Publication date: 28 Jan 2026Modification date: 28 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3360 , CVE-2025-7039 , CVE-2025-13601 , CVE-2025-14087 , CVE-2025-14512 , CVE-2026-0988
Description
Glib prior to 2.82.5 is vulnerable to integer overflow and buffer
under-read when parsing a very long invalid iso 8601 timestamp with
g_date_time_new_from_iso8601(). (CVE-2025-3360)
Buffer under-read on glib through glib/gfileutils.c via get_tmp_file().
(CVE-2025-7039)
Integer overflow in in g_escape_uri_string(). (CVE-2025-13601)
Buffer underflow in gvariant parser leads to heap corruption.
(CVE-2025-14087)
Integer overflow in glib gio attribute escaping causes heap buffer
overflow. (CVE-2025-14512)
Denial of service via integer overflow in
g_buffered_input_stream_peek(). (CVE-2026-0988)
References
- https://bugs.mageia.org/show_bug.cgi?id=35052
- https://ubuntu.com/security/notices/USN-7971-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988
SRPMS
9/core
- glib2.0-2.76.3-1.6.mga9