GLib GString Integer Overflow Leading to Buffer Underrun
CVE-2025-4373 Published on May 6, 2025
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
Vulnerability Analysis
CVE-2025-4373 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is a buffer underrun Vulnerability?
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
CVE-2025-4373 has been classified to as a buffer underrun vulnerability or weakness.
Products Associated with CVE-2025-4373
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-4373 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.