{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"glib2 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for glib2 is now available for openEuler-22.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since.\n\nSecurity Fix(es):\n\nA vulnerability was found in GNOME GLib (the affected version unknown). It has been declared as critical. The CWE definition for the vulnerability is CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-14087)\n\nA flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.(CVE-2025-14512)", "category":"general", "title":"Description" }, { "text":"An update for glib2 is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"glib2", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2901", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2901" }, { "summary":"CVE-2025-14087", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14087&packageName=glib2" }, { "summary":"CVE-2025-14512", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-14512&packageName=glib2" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14087" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14512" }, { "summary":"openEuler-SA-2025-2901 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openEuler-SA-2025-2901.json" } ], "title":"An update for glib2 is now available for openEuler-22.03-LTS-SP4", "tracking":{ "initial_release_date":"2025-12-31T10:23:49+08:00", "revision_history":[ { "date":"2025-12-31T10:23:49+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-12-31T10:23:49+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-12-31T10:23:49+08:00", "id":"openEuler-SA-2025-2901", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-2.72.2-24.oe2203sp4.x86_64.rpm", "name":"glib2-2.72.2-24.oe2203sp4.x86_64.rpm" }, "name":"glib2-2.72.2-24.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64.rpm", "name":"glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64.rpm" }, "name":"glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-debugsource-2.72.2-24.oe2203sp4.x86_64.rpm", "name":"glib2-debugsource-2.72.2-24.oe2203sp4.x86_64.rpm" }, "name":"glib2-debugsource-2.72.2-24.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-devel-2.72.2-24.oe2203sp4.x86_64.rpm", "name":"glib2-devel-2.72.2-24.oe2203sp4.x86_64.rpm" }, "name":"glib2-devel-2.72.2-24.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-static-2.72.2-24.oe2203sp4.x86_64.rpm", "name":"glib2-static-2.72.2-24.oe2203sp4.x86_64.rpm" }, "name":"glib2-static-2.72.2-24.oe2203sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-tests-2.72.2-24.oe2203sp4.x86_64.rpm", "name":"glib2-tests-2.72.2-24.oe2203sp4.x86_64.rpm" }, "name":"glib2-tests-2.72.2-24.oe2203sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-help-2.72.2-24.oe2203sp4.noarch.rpm", "name":"glib2-help-2.72.2-24.oe2203sp4.noarch.rpm" }, "name":"glib2-help-2.72.2-24.oe2203sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-2.72.2-24.oe2203sp4.aarch64.rpm", "name":"glib2-2.72.2-24.oe2203sp4.aarch64.rpm" }, "name":"glib2-2.72.2-24.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64.rpm", "name":"glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64.rpm" }, "name":"glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-debugsource-2.72.2-24.oe2203sp4.aarch64.rpm", "name":"glib2-debugsource-2.72.2-24.oe2203sp4.aarch64.rpm" }, "name":"glib2-debugsource-2.72.2-24.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-devel-2.72.2-24.oe2203sp4.aarch64.rpm", "name":"glib2-devel-2.72.2-24.oe2203sp4.aarch64.rpm" }, "name":"glib2-devel-2.72.2-24.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-static-2.72.2-24.oe2203sp4.aarch64.rpm", "name":"glib2-static-2.72.2-24.oe2203sp4.aarch64.rpm" }, "name":"glib2-static-2.72.2-24.oe2203sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-tests-2.72.2-24.oe2203sp4.aarch64.rpm", "name":"glib2-tests-2.72.2-24.oe2203sp4.aarch64.rpm" }, "name":"glib2-tests-2.72.2-24.oe2203sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"glib2-2.72.2-24.oe2203sp4.src.rpm", "name":"glib2-2.72.2-24.oe2203sp4.src.rpm" }, "name":"glib2-2.72.2-24.oe2203sp4.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-2.72.2-24.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "name":"glib2-2.72.2-24.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "name":"glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-debugsource-2.72.2-24.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "name":"glib2-debugsource-2.72.2-24.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-devel-2.72.2-24.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "name":"glib2-devel-2.72.2-24.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-static-2.72.2-24.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "name":"glib2-static-2.72.2-24.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-tests-2.72.2-24.oe2203sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "name":"glib2-tests-2.72.2-24.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-help-2.72.2-24.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "name":"glib2-help-2.72.2-24.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-2.72.2-24.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "name":"glib2-2.72.2-24.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "name":"glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-debugsource-2.72.2-24.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "name":"glib2-debugsource-2.72.2-24.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-devel-2.72.2-24.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "name":"glib2-devel-2.72.2-24.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-static-2.72.2-24.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "name":"glib2-static-2.72.2-24.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-tests-2.72.2-24.oe2203sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "name":"glib2-tests-2.72.2-24.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"glib2-2.72.2-24.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src", "name":"glib2-2.72.2-24.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-14087", "notes":[ { "text":"A vulnerability was found in GNOME GLib (the affected version unknown). It has been declared as critical. The CWE definition for the vulnerability is CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src" ], "details":"glib2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2901" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.6, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-14087" }, { "cve":"CVE-2025-14512", "notes":[ { "text":"A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src" ], "details":"glib2 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2901" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.x86_64", "openEuler-22.03-LTS-SP4:glib2-help-2.72.2-24.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debuginfo-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-debugsource-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-devel-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-static-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-tests-2.72.2-24.oe2203sp4.aarch64", "openEuler-22.03-LTS-SP4:glib2-2.72.2-24.oe2203sp4.src" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-14512" } ] }