Name | CVE-2025-3360 |
Description | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-4128-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
glib2.0 (PTS) | bullseye | 2.66.8-1+deb11u4 | vulnerable |
bullseye (security) | 2.66.8-1+deb11u6 | fixed | |
bookworm | 2.74.6-2+deb12u7 | fixed | |
bookworm (security) | 2.74.6-2+deb12u2 | vulnerable | |
trixie | 2.84.4-3~deb13u1 | fixed | |
forky, sid | 2.84.4-3 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
glib2.0 | source | bullseye | 2.66.8-1+deb11u6 | DLA-4128-1 | ||
glib2.0 | source | bookworm | 2.74.6-2+deb12u6 | |||
glib2.0 | source | (unstable) | 2.84.1-1 |
https://gitlab.gnome.org/GNOME/glib/-/issues/3647
https://gitlab.gnome.org/GNOME/glib/-/commit/8d60d7dc168aee73a15eb5edeb2deaf196d96114 (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/2fa1e183613bf58d31151ecaceab91607ccc0c6d (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/0b225e7cd80801aca6e627696064d1698aaa85e7 (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/3672764a17c26341ab8224dcaddf3e7cad699443 (2.83.4)
https://gitlab.gnome.org/GNOME/glib/-/commit/0ffdbebd9ab3246958e14ab33bd0c65b6f05fd13 (2.83.4)
Introduced by https://gitlab.gnome.org/GNOME/glib/-/commit/491f835c17d200ede52c823ab1566c493479cdc1 (2.55.0)