rpm package
almalinux/glib2-devel
pkg:rpm/almalinux/glib2-devel
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14512 | Med | 6.5 | < 2.56.4-169.el8_10 | 2.56.4-169.el8_10 | Dec 11, 2025 | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | |
| CVE-2025-14087 | Med | 5.6 | < 2.56.4-169.el8_10 | 2.56.4-169.el8_10 | Dec 10, 2025 | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | |
| CVE-2025-13601 | Hig | 7.7 | < 2.68.4-18.el9_7.1 | 2.68.4-18.el9_7.1 | Nov 26, 2025 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length | |
| CVE-2025-4373 | Med | 4.8 | < 2.68.4-16.el9_6.2 | 2.68.4-16.el9_6.2 | May 6, 2025 | A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. | |
| CVE-2024-52533 | — | < 2.68.4-16.el9_6.2 | 2.68.4-16.el9_6.2 | Nov 11, 2024 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | ||
| CVE-2024-34397 | Med | 5.2 | < 2.68.4-14.el9_4.1 | 2.68.4-14.el9_4.1 | May 7, 2024 | An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals tha | |
| CVE-2023-32611 | — | < 2.68.4-11.el9 | 2.68.4-11.el9 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | ||
| CVE-2023-29499 | — | < 2.68.4-11.el9 | 2.68.4-11.el9 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | ||
| CVE-2023-32665 | — | < 2.68.4-11.el9 | 2.68.4-11.el9 | Sep 14, 2023 | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. |
- affected < 2.56.4-169.el8_10fixed 2.56.4-169.el8_10
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
- affected < 2.56.4-169.el8_10fixed 2.56.4-169.el8_10
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
- affected < 2.68.4-18.el9_7.1fixed 2.68.4-18.el9_7.1
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length
- affected < 2.68.4-16.el9_6.2fixed 2.68.4-16.el9_6.2
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
- CVE-2024-52533Nov 11, 2024affected < 2.68.4-16.el9_6.2fixed 2.68.4-16.el9_6.2
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
- affected < 2.68.4-14.el9_4.1fixed 2.68.4-14.el9_4.1
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals tha
- CVE-2023-32611Sep 14, 2023affected < 2.68.4-11.el9fixed 2.68.4-11.el9
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
- CVE-2023-29499Sep 14, 2023affected < 2.68.4-11.el9fixed 2.68.4-11.el9
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
- CVE-2023-32665Sep 14, 2023affected < 2.68.4-11.el9fixed 2.68.4-11.el9
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.