Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring — CVE-2025-6052

Summary

Advisory CVE-2025-6052. Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring Vendor: Microsoft. Source: MSRC. Threat: low. CVSS 3.7. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock CVE-2025-38058
• Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder CVE-2025-6199
• GNU ncurses parse_entry.c postprocess_termcap stack-based overflow CVE-2025-6141
• HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference CVE-2025-6858
• HDF5 H5Centry.c H5C__load_entry resource consumption CVE-2025-6817
• HDF5 H5FL.c H5FL__reg_gc_list use after free CVE-2025-6856
• HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow CVE-2025-6857
• HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow CVE-2025-6818
• HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow CVE-2025-6816
• HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow CVE-2025-6750
• HTACG tidy-html5 alloc.c defaultAlloc memory leak CVE-2025-6498
• HTACG tidy-html5 parser.c prvTidyParseNamespace assertion CVE-2025-6497