Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-6052

created 4 months, 3 weeks ago

Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Affected products

bootc

glib2

loupe

librsvg2

rpm-ostree

mingw-glib2

glycin-loaders

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

nixos-unstable -
- nixpkgs-unstable 1.6.0

pkgs.loupe

Simple image viewer application written with GTK4 and Rust

nixos-unstable -
- nixpkgs-unstable 48.1

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

nixos-unstable -
- nixpkgs-unstable 2024.8

pkgs.podman-bootc

Streamlining podman+bootc interactions

nixos-unstable -
- nixpkgs-unstable 0.1.2

pkgs.mlxbf-bootctl

Control BlueField boot partitions

nixos-unstable -
- nixpkgs-unstable 2025-01-16

pkgs.glycin-loaders

Glycin loaders for several formats

nixos-unstable -
- nixpkgs-unstable 1.2.3

pkgs.systemd-bootchart

Boot performance graphing tool from systemd

nixos-unstable -
- nixpkgs-unstable 235

pkgs.rubyPackages.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_1.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_2.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_3.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

pkgs.rubyPackages_3_4.glib2

None

nixos-unstable -
- nixpkgs-unstable glib2-4.3.3

Package maintainers

@Thesola10 Karim Vergnes <me@thesola.io>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@nikstur nikstur <nikstur@outlook.com>
@thillux Markus Theil <theil.markus@gmail.com>
@evan-goode Evan Goode <mail@evangoo.de>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>