Common Weakness Enumeration

CWE-190

Allowed

Integer Overflow or Wraparound

Abstraction: Base · Status: Stable

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

3867 vulnerabilities reference this CWE, most recent first.

CVE-2025-20710 (GCVE-0-2025-20710)

Vulnerability from cvelistv5 – Published: 2025-10-14 09:11 – Updated: 2026-02-26 17:47
VLAI
Summary
In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MT6890, MT7915, MT7916, MT7981, MT7986 Affected: SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T03:56:24.047606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:42.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT6890, MT7915, MT7916, MT7981, MT7986",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T09:11:34.351Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/October-2025"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20710",
    "datePublished": "2025-10-14T09:11:34.351Z",
    "dateReserved": "2024-11-01T01:21:50.384Z",
    "dateUpdated": "2026-02-26T17:47:42.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20653 (GCVE-0-2025-20653)

Vulnerability from cvelistv5 – Published: 2025-03-03 02:25 – Updated: 2025-03-20 18:53
VLAI
Summary
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20653",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T19:27:33.867796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:53:09.070Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6886, MT6895, MT6897, MT6983, MT6985, MT6989, MT8370, MT8390",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 13.0, 14.0, 15.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-03T02:25:50.462Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/March-2025"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20653",
    "datePublished": "2025-03-03T02:25:50.462Z",
    "dateReserved": "2024-11-01T01:21:50.366Z",
    "dateUpdated": "2025-03-20T18:53:09.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20024 (GCVE-0-2025-20024)

Vulnerability from cvelistv5 – Published: 2025-03-04 03:44 – Updated: 2025-03-04 14:31
VLAI
Title
Arkcompiler Ets Runtime has an integer overflow vulnerability
Summary
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
Impacted products
Vendor Product Version
OpenHarmony OpenHarmony Affected: v4.1.0 , ≤ v5.0.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T14:30:50.466627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T14:31:01.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenHarmony",
          "vendor": "OpenHarmony",
          "versions": [
            {
              "lessThanOrEqual": "v5.0.2",
              "status": "affected",
              "version": "v4.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios."
            }
          ],
          "value": "in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-04T03:44:26.109Z",
        "orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
        "shortName": "OpenHarmony"
      },
      "references": [
        {
          "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-03.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arkcompiler Ets Runtime has an integer overflow vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd",
    "assignerShortName": "OpenHarmony",
    "cveId": "CVE-2025-20024",
    "datePublished": "2025-03-04T03:44:26.109Z",
    "dateReserved": "2025-01-20T02:00:47.846Z",
    "dateUpdated": "2025-03-04T14:31:01.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-15584 (GCVE-0-2025-15584)

Vulnerability from cvelistv5 – Published: 2026-03-17 18:55 – Updated: 2026-03-18 14:04
VLAI
Title
Endpoint DLP Driver Filter Communication Port Integer Overflow
Summary
Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an integer overflow within the filter communication port, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer overflow or wraparound
Assigner
References
URL Tags
https://support.netskope.com/s/article/NSKPSA-202… vendor-advisorypermissions-required
Impacted products
Credits
Tom Brice
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15584",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T14:03:46.576435Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T14:04:02.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Endpoint DLP Module for Netskope Client",
          "vendor": "Netskope",
          "versions": [
            {
              "lessThan": "135.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Requires the Endpoint DLP module to be enabled in the client configuration."
            }
          ],
          "value": "Requires the Endpoint DLP module to be enabled in the client configuration."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tom Brice"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an integer overflow within the filter communication port, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine.\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trigger an integer overflow within the filter communication port, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation would require the Endpoint DLP module to be enabled in the client configuration. A successful exploit can potentially result in a denial-of-service for the local machine."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-92",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-92 Forced Integer Overflow"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer overflow or wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-17T18:55:59.156Z",
        "orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
        "shortName": "Netskope"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "permissions-required"
          ],
          "url": "https://support.netskope.com/s/article/NSKPSA-2025-006-Endpoint-DLP-Driver-Filter-Communication-Port-Integer-Overflow"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Endpoint DLP Driver Filter Communication Port Integer Overflow",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no direct workarounds. Some AV and EDR solutions may be able to detect the behaviors associated with exploiting this vulnerability."
            }
          ],
          "value": "There are no direct workarounds. Some AV and EDR solutions may be able to detect the behaviors associated with exploiting this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
    "assignerShortName": "Netskope",
    "cveId": "CVE-2025-15584",
    "datePublished": "2026-03-17T18:55:59.156Z",
    "dateReserved": "2026-02-18T22:27:08.617Z",
    "dateUpdated": "2026-03-18T14:04:02.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15534 (GCVE-0-2025-15534)

Vulnerability from cvelistv5 – Published: 2026-01-18 06:32 – Updated: 2026-02-23 08:36 X_Open Source
VLAI
Title
raysan5 raylib rtext.c LoadFontData integer overflow
Summary
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
raysan5 raylib Affected: 909f040
Create a notification for this product.
Credits
Oneafter (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15534",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T18:47:55.625985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T18:53:17.884Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "raylib",
          "vendor": "raysan5",
          "versions": [
            {
              "status": "affected",
              "version": "909f040"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Oneafter (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-189",
              "description": "Numeric Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T08:36:56.942Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-341706 | raysan5 raylib rtext.c LoadFontData integer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.341706"
        },
        {
          "name": "VDB-341706 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.341706"
        },
        {
          "name": "Submit #733343 | raysan5 raylib 909f040 Integer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.733343"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/raysan5/raylib/issues/5436"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/raysan5/raylib/pull/5450"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/oneafter/1224/blob/main/segv1"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/raysan5/raylib/commit/5a3391fdce046bc5473e52afbd835dd2dc127146"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/raysan5/raylib/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-01-17T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-17T19:20:34.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "raysan5 raylib rtext.c LoadFontData integer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15534",
    "datePublished": "2026-01-18T06:32:06.449Z",
    "dateReserved": "2026-01-17T16:11:45.728Z",
    "dateUpdated": "2026-02-23T08:36:56.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15278 (GCVE-0-2025-15278)

Vulnerability from cvelistv5 – Published: 2025-12-31 06:59 – Updated: 2025-12-31 16:19
VLAI
Title
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability
Summary
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of pixels within XBM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27865.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
References
Impacted products
Vendor Product Version
FontForge FontForge Affected: 88de9b7dc76fbdef9069b7664ecc280f1c15ba2f
Create a notification for this product.
Date Public
2025-12-29 22:54
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-31T16:19:48.593656Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-31T16:19:54.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "FontForge",
          "vendor": "FontForge",
          "versions": [
            {
              "status": "affected",
              "version": "88de9b7dc76fbdef9069b7664ecc280f1c15ba2f"
            }
          ]
        }
      ],
      "dateAssigned": "2025-12-29T20:02:16.915Z",
      "datePublic": "2025-12-29T22:54:16.679Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of pixels within XBM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27865."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T06:59:33.188Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-1185",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1185/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "volticks (@movx64 on twitter)"
      },
      "title": "FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-15278",
    "datePublished": "2025-12-31T06:59:33.188Z",
    "dateReserved": "2025-12-29T20:02:16.884Z",
    "dateUpdated": "2025-12-31T16:19:54.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14933 (GCVE-0-2025-14933)

Vulnerability from cvelistv5 – Published: 2025-12-23 21:09 – Updated: 2025-12-26 19:33
VLAI
Title
NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability
Summary
NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NC variables. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27266.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
References
Impacted products
Vendor Product Version
NSF Unidata NetCDF-C Affected: dbe0cbb9ff3f706009cf4ee011adf3e58d8a81c1
Create a notification for this product.
Date Public
2025-12-18 21:20
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-26T19:33:52.860667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-26T19:33:58.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "NetCDF-C",
          "vendor": "NSF Unidata",
          "versions": [
            {
              "status": "affected",
              "version": "dbe0cbb9ff3f706009cf4ee011adf3e58d8a81c1"
            }
          ]
        }
      ],
      "dateAssigned": "2025-12-18T20:56:01.480Z",
      "datePublic": "2025-12-18T21:20:36.889Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of NC variables. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27266."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T21:09:15.230Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-1151",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1151/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Fady Osman"
      },
      "title": "NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-14933",
    "datePublished": "2025-12-23T21:09:15.230Z",
    "dateReserved": "2025-12-18T20:56:01.434Z",
    "dateUpdated": "2025-12-26T19:33:58.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14512 (GCVE-0-2025-14512)

Vulnerability from cvelistv5 – Published: 2025-12-11 07:11 – Updated: 2026-07-13 16:21
VLAI
Title
Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
Summary
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:15953 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15969 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15971 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19148 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19361 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19452 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19457 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19459 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19460 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19523 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19524 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19565 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19567 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21275 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:22634 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:25096 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:29197 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7461 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-14512 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2421339 issue-trackingx_refsource_REDHAT
https://gitlab.gnome.org/GNOME/glib/-/issues/3845
Impacted products
Vendor Product Version
GNOME glib Affected: 0 , < 2.86.3 (semver)
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.80.4-10.el10_1.13 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:2.80.4-12.el10_2.13 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:2.80.4-4.el10_0.9 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:2.56.4-169.el8_10 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::crb
    cpe:/o:redhat:enterprise_linux:8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:2.56.4-10.el8_4.5 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 0:2.56.4-10.el8_4.5 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.4::baseos
    cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 0:2.56.4-158.el8_6.5 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.6::baseos
    cpe:/o:redhat:rhel_e4s:8.6::baseos
    cpe:/o:redhat:rhel_tus:8.6::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:2.56.4-158.el8_6.5 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.6::baseos
    cpe:/o:redhat:rhel_e4s:8.6::baseos
    cpe:/o:redhat:rhel_tus:8.6::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:2.56.4-158.el8_6.5 , < * (rpm)
    cpe:/o:redhat:rhel_aus:8.6::baseos
    cpe:/o:redhat:rhel_e4s:8.6::baseos
    cpe:/o:redhat:rhel_tus:8.6::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 0:2.56.4-165.el8_8 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.8::baseos
    cpe:/o:redhat:rhel_tus:8.8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 0:2.56.4-165.el8_8 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.8::baseos
    cpe:/o:redhat:rhel_tus:8.8::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.68.4-18.el9_7.2 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:2.68.4-19.el9_8.1 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:2.68.4-5.el9_0.5 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
    cpe:/o:redhat:rhel_e4s:9.0::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:2.68.4-7.el9_2.5 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
    cpe:/o:redhat:rhel_e4s:9.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:2.68.4-14.el9_4.6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
    cpe:/a:redhat:rhel_eus:9.4::crb
    cpe:/o:redhat:rhel_eus:9.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:2.68.4-16.el9_6.5 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
    cpe:/a:redhat:rhel_eus:9.6::crb
    cpe:/o:redhat:rhel_eus:9.6::baseos
Create a notification for this product.
Red Hat Red Hat AI Inference Server 3.2 Unaffected: 1780681984 , < * (rpm)
    cpe:/a:redhat:ai_inference_server:3.2::el9
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 1782159791 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 1782166952 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Hardened Images Unaffected: 2.88.0-1.1.hum1 , < * (rpm)
    cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat Insights proxy 1.5 Unaffected: 1780420428 , < * (rpm)
    cpe:/a:redhat:insights_proxy:1.5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1779798159 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1779798164 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1779798165 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Update Infrastructure 5 Unaffected: 1779798222 , < * (rpm)
    cpe:/a:redhat:rhui:5::el9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Date Public
2025-12-11 00:00
Credits
Red Hat would like to thank Codean Labs for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14512",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-11T14:54:52.039681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T14:45:25.859Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://gitlab.gnome.org/GNOME/glib",
          "defaultStatus": "unaffected",
          "packageName": "glib",
          "product": "glib",
          "vendor": "GNOME",
          "versions": [
            {
              "lessThan": "2.86.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.80.4-10.el10_1.13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.2"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.80.4-12.el10_2.13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.80.4-4.el10_0.9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-169.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-10.el8_4.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-10.el8_4.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-158.el8_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-158.el8_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-158.el8_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-165.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.56.4-165.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-18.el9_7.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-19.el9_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-18.el9_7.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/a:redhat:enterprise_linux:9::crb",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-19.el9_8.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream",
            "cpe:/o:redhat:rhel_e4s:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-5.el9_0.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream",
            "cpe:/o:redhat:rhel_e4s:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-7.el9_2.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream",
            "cpe:/a:redhat:rhel_eus:9.4::crb",
            "cpe:/o:redhat:rhel_eus:9.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-14.el9_4.6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/a:redhat:rhel_eus:9.6::crb",
            "cpe:/o:redhat:rhel_eus:9.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.68.4-16.el9_6.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ai_inference_server:3.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhaiis/model-opt-cuda-rhel9",
          "product": "Red Hat AI Inference Server 3.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1780681984",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-server-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782159791",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782166952",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:hummingbird:1"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2-main",
          "product": "Red Hat Hardened Images",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.88.0-1.1.hum1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:insights_proxy:1.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "insights-proxy/insights-proxy-container-rhel9",
          "product": "Red Hat Insights proxy 1.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1780420428",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/cds-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798159",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/haproxy-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798164",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/installer-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798165",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhui:5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhui5/rhua-rhel9",
          "product": "Red Hat Update Infrastructure 5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1779798222",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "glib2",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-glib2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unknown",
          "packageName": "openshift4/ose-hypershift-rhel9",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Codean Labs for reporting this issue."
        }
      ],
      "datePublic": "2025-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib\u0027s GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T16:21:30.349Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:15953",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:15953"
        },
        {
          "name": "RHSA-2026:15969",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:15969"
        },
        {
          "name": "RHSA-2026:15971",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:15971"
        },
        {
          "name": "RHSA-2026:19148",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19148"
        },
        {
          "name": "RHSA-2026:19361",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19361"
        },
        {
          "name": "RHSA-2026:19452",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19452"
        },
        {
          "name": "RHSA-2026:19457",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19457"
        },
        {
          "name": "RHSA-2026:19459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19459"
        },
        {
          "name": "RHSA-2026:19460",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19460"
        },
        {
          "name": "RHSA-2026:19523",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19523"
        },
        {
          "name": "RHSA-2026:19524",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19524"
        },
        {
          "name": "RHSA-2026:19565",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19565"
        },
        {
          "name": "RHSA-2026:19567",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19567"
        },
        {
          "name": "RHSA-2026:21275",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:21275"
        },
        {
          "name": "RHSA-2026:22634",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:22634"
        },
        {
          "name": "RHSA-2026:25096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:25096"
        },
        {
          "name": "RHSA-2026:29197",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:29197"
        },
        {
          "name": "RHSA-2026:7461",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:7461"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-14512"
        },
        {
          "name": "RHBZ#2421339",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-11T06:22:59.701Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-12-11T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-14512",
    "datePublished": "2025-12-11T07:11:02.182Z",
    "dateReserved": "2025-12-11T06:28:34.708Z",
    "dateUpdated": "2026-07-13T16:21:30.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14422 (GCVE-0-2025-14422)

Vulnerability from cvelistv5 – Published: 2025-12-23 21:31 – Updated: 2026-02-26 16:07
VLAI
Title
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability
Summary
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
zdi
References
Impacted products
Vendor Product Version
GIMP GIMP Affected: 3.0.6
Create a notification for this product.
Date Public
2025-12-17 20:20
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14422",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-01T04:55:23.194030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:24.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GIMP",
          "vendor": "GIMP",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.6"
            }
          ]
        }
      ],
      "dateAssigned": "2025-12-10T01:41:58.784Z",
      "datePublic": "2025-12-17T20:20:57.419Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T21:31:13.262Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-1136",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1136/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-14422",
    "datePublished": "2025-12-23T21:31:13.262Z",
    "dateReserved": "2025-12-10T01:41:58.762Z",
    "dateUpdated": "2026-02-26T16:07:24.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14308 (GCVE-0-2025-14308)

Vulnerability from cvelistv5 – Published: 2025-12-09 07:44 – Updated: 2025-12-09 14:39 X_Integer_Overflow X_Buffer_Overflow X_Security_Vulnerability
VLAI
Title
Integer Overflow in Robocode's Buffer Write Method
Summary
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
Robocode Project Robocode Affected: 1.9.3.6 (semver)
Create a notification for this product.
Date Public
2025-05-10 14:33
Credits
titancaproject@gmail.com
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14308",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T14:39:41.827521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T14:39:50.288Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://robocode.sourceforge.io",
          "defaultStatus": "unaffected",
          "modules": [
            "Buffer Write Method"
          ],
          "packageName": "robocode",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "Robocode",
          "programFiles": [
            "src/main/java/net/sf/robocode/io/Buffer.java"
          ],
          "programRoutines": [
            {
              "name": "write"
            }
          ],
          "repo": "https://github.com/robo-code/robocode",
          "vendor": "Robocode Project",
          "versions": [
            {
              "status": "affected",
              "version": "1.9.3.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "titancaproject@gmail.com"
        }
      ],
      "datePublic": "2025-05-10T14:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An integer overflow vulnerability exists in the \u003ccode\u003ewrite\u003c/code\u003e method of the \u003ccode\u003eBuffer\u003c/code\u003e class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-128",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-128 Integer Attacks"
            }
          ]
        },
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T07:44:34.003Z",
        "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "shortName": "GovTech CSG"
      },
      "references": [
        {
          "url": "https://github.com/robo-code/robocode/pull/70"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_integer_overflow",
        "x_buffer_overflow",
        "x_security_vulnerability"
      ],
      "title": "Integer Overflow in Robocode\u0027s Buffer Write Method",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
    "assignerShortName": "GovTech CSG",
    "cveId": "CVE-2025-14308",
    "datePublished": "2025-12-09T07:44:34.003Z",
    "dateReserved": "2025-12-09T07:38:25.483Z",
    "dateUpdated": "2025-12-09T14:39:50.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Requirements

Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Implementation

Strategy: Input Validation

  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
Implementation
  • Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Mitigation MIT-26
Implementation

Strategy: Compilation or Build Hardening

Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.