Bug#1104930: glib2.0: CVE-2025-4373

Simon McVittie smcv at debian.org
Fri May 9 10:36:50 BST 2025


On Thu, 08 May 2025 at 21:28:38 +0200, Salvatore Bonaccorso wrote:
>The following vulnerability was published for glib2.0.
>
>CVE-2025-4373[0]:
>| A flaw was found in GLib, which is vulnerable to an integer overflow
>| in the g_string_insert_unichar() function. When the position at
>| which to insert the character is large, the position will overflow,
>| leading to a buffer underwrite.

If I'm reading correctly, this can only happen if the string length is 
around 2GB in 32-bit processes, or extremely large (half the address 
space) in 64-bit processes, such that a gssize (same type as ssize_t) 
would reach a signed overflow and wrap around?

If that assessment is correct, then this doesn't seem like an urgent 
problem to fix, or particularly likely to be exploited in practice.

     smcv
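
The wrap-around condition discussed in this message, as an added example that is not part of the original email and is not GLib's source: a simplified model of a 32-bit process showing where a signed position plus a UTF-8 character length stops fitting in the signed type. The type and function names are hypothetical, `int32_t` stands in for `gssize`, and the 6-byte maximum is the longest sequence `g_unichar_to_utf8()` writes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit process (assumption): these stand in for gssize/gsize. */
typedef int32_t  pos32_t;
typedef uint32_t len32_t;

#define MAX_UTF8_LEN 6  /* g_unichar_to_utf8() writes at most 6 bytes */

/* Unchecked end offset. The sum is done unsigned so the wrap is well
 * defined in this model, then reinterpreted as the signed position type. */
static pos32_t end_unchecked(pos32_t pos, int charlen)
{
    return (pos32_t)((uint32_t)pos + (uint32_t)charlen);
}

/* Hardened form: validate pos against the string length, then refuse any
 * sum that does not fit in the signed type. */
static bool end_checked(pos32_t pos, len32_t len, int charlen, pos32_t *end)
{
    if (pos < 0 || (len32_t)pos > len)
        return false;
    if (charlen < 1 || charlen > MAX_UTF8_LEN)
        return false;
    if (pos > INT32_MAX - charlen)
        return false;
    *end = pos + charlen;
    return true;
}

/* Smallest position at which adding charlen bytes wraps negative. */
static pos32_t first_wrapping_pos(int charlen)
{
    return INT32_MAX - charlen + 1;
}

int main(void)
{
    pos32_t p = first_wrapping_pos(MAX_UTF8_LEN), end = 0;
    printf("first wrapping position: %d\n", (int)p);
    printf("unchecked end there:     %d\n", (int)end_unchecked(p, MAX_UTF8_LEN));
    printf("checked accepts it:      %d\n", end_checked(p, INT32_MAX, MAX_UTF8_LEN, &end));
    return 0;
}
```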



More information about the pkg-gnome-maintainers mailing list