Details of issue NIXPKGS-2025-0008

affected

created 1 Nov 2025

NIXPKGS-2025-0008

A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.

Vulnerabilities

CVE-2025-7039

Related packages

pkgs.bootc

Boot and upgrade via container images

nixos-unstable ???
- nixpkgs-unstable 1.6.0

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

nixos-unstable ???
- nixpkgs-unstable 48.1

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

nixos-unstable ???
- nixpkgs-unstable 2024.8

pkgs.podman-bootc

Streamlining podman+bootc interactions

nixos-unstable ???
- nixpkgs-unstable 0.1.2

pkgs.mlxbf-bootctl

Control BlueField boot partitions

nixos-unstable ???
- nixpkgs-unstable 2025-01-16

pkgs.glycin-loaders

Glycin loaders for several formats

nixos-unstable ???
- nixpkgs-unstable 1.2.3

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

nixos-unstable ???
- nixpkgs-unstable 235

pkgs.rubyPackages.glib2

nixos-unstable ???
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_1.glib2

nixos-unstable ???
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_2.glib2

nixos-unstable ???
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_3.glib2

nixos-unstable ???
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_4.glib2

nixos-unstable ???
- nixpkgs-unstable glib2-4.3.3