JLSEC-2025-167

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-167.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-167.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2025-167
Upstream
Published
2025-10-19T22:31:43.957Z
Modified
2025-11-06T23:03:51.912913Z
Summary
A flaw was found in how GLib’s GString manages memory when adding data to strings
Details

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6052",
            "id": "CVE-2025-6052",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-6052",
            "modified": "2025-08-20T17:27:24.260Z",
            "imported": "2025-10-19T21:13:26.140Z",
            "published": "2025-06-13T16:15:28.230Z"
        }
    ]
}
References

Affected packages

Julia / Glib_jll

Package

Name
Glib_jll
Purl
pkg:julia/Glib_jll?uuid=7746bdde-850d-59dc-9ae8-88ece973131d

Affected ranges

Type
SEMVER
Events
Introduced
2.76.5+0
Fixed
2.86.0+0