CVE-2025-14087

Publication date 10 December 2025

Last updated 6 January 2026

Ubuntu priority

Cvss 3 Severity Score

Description

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glib2.0	25.10 questing	Fixed 2.86.0-2ubuntu0.1
	25.04 plucky	Fixed 2.84.1-1ubuntu0.2
	24.04 LTS noble	Fixed 2.80.0-6ubuntu3.6
	22.04 LTS jammy	Fixed 2.72.4-0ubuntu2.7
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

Notes

mdeslaur

should also include the following commit, which is a different issue with no CVE yet: https://gitlab.gnome.org/GNOME/glib/-/commit/4f0399c0aaf3ffc86b5625424580294bc7460404

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glib2.0	Upstream: 3e72fe0 Upstream: 6fe481c Upstream: dd333a4

Severity score breakdown

Parameter	Value
Base score	5.6 · Medium
Attack vector	Network
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	Low
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References

Related Ubuntu Security Notices (USN)

USN-7942-1
GLib vulnerabilities
6 January 2026