| Name | CVE-2025-3360 |
| Description | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-4128-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| glib2.0 (PTS) | bullseye | 2.66.8-1+deb11u4 | vulnerable |
| bullseye (security) | 2.66.8-1+deb11u6 | fixed | |
| bookworm | 2.74.6-2+deb12u7 | fixed | |
| bookworm (security) | 2.74.6-2+deb12u2 | vulnerable | |
| trixie | 2.84.4-3~deb13u1 | fixed | |
| forky, sid | 2.84.4-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| glib2.0 | source | bullseye | 2.66.8-1+deb11u6 | DLA-4128-1 | ||
| glib2.0 | source | bookworm | 2.74.6-2+deb12u6 | |||
| glib2.0 | source | (unstable) | 2.84.1-1 |
https://gitlab.gnome.org/GNOME/glib/-/issues/3647
https://gitlab.gnome.org/GNOME/glib/-/commit/8d60d7dc168aee73a15eb5edeb2deaf196d96114 (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/2fa1e183613bf58d31151ecaceab91607ccc0c6d (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/0b225e7cd80801aca6e627696064d1698aaa85e7 (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/3672764a17c26341ab8224dcaddf3e7cad699443 (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/0ffdbebd9ab3246958e14ab33bd0c65b6f05fd13 (2.83.4)
Introduced by https://gitlab.gnome.org/GNOME/glib/-/commit/491f835c17d200ede52c823ab1566c493479cdc1 (2.55.0)