What you need to know today.
Multiple vulnerabilities in the GLib library could lead to out-of-bounds reads and other memory safety issues.

Multiple vulnerabilities have been discovered in GLib, a crucial library for GNOME and various other applications. CVE-2026-58016 describes an out-of-bounds read in g_date_time_get_ymd caused by invalid GDateTime objects. CVE-2026-58015 details a flaw in the DBUS_COOKIE_SHA1 SASL authentication mechanism: the cookie_context parameter is not validated, which a malicious D-Bus server could potentially exploit. CVE-2026-58014 and CVE-2026-58013 both involve off-by-one errors leading to out-of-bounds reads or accesses in g_key_file_get_locale_string_list and g_io_channel_read_line_backend respectively, particularly when handling malformed data or custom line terminators. CVE-2026-58016 points to a state confusion issue in g_dbus_node_info_new_for_xml when processing malformed D-Bus introspection XML. CVE-2026-58012 highlights a buffer over-read in g_regex_replace when using specific flags and replacements. Finally, CVE-2026-58010 describes an out-of-bounds error in gvs_tuple_is_normal due to an incorrect bounds check. These vulnerabilities, while low-risk individually, could be chained or exploited in specific contexts to cause denial of service or information disclosure.