vulnerability

Debian: CVE-2025-13601: glib2.0 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:N/I:C/A:C)	Dec 17, 2025	Dec 17, 2025	Jan 12, 2026

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:C/A:C)

Published

Dec 17, 2025

Added

Dec 17, 2025

Modified

Jan 12, 2026

Description

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

Solution

debian-upgrade-glib2-0

References

CVE-2025-13601
https://attackerkb.com/topics/CVE-2025-13601
CWE-190
DEBIAN-DLA-4412-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today