rpm package
opensuse/glib2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/glib2&distro=openSUSE%20Tumbleweed
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1489 | Med | 5.4 | < 2.86.3-3.1 | 2.86.3-3.1 | Jan 27, 2026 | A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in ou | |
| CVE-2026-1485 | Low | 2.8 | < 2.86.3-3.1 | 2.86.3-3.1 | Jan 27, 2026 | A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds mem | |
| CVE-2026-1484 | Med | 4.2 | < 2.86.3-3.1 | 2.86.3-3.1 | Jan 27, 2026 | A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications tha | |
| CVE-2026-0988 | Low | 3.7 | < 2.86.3-2.1 | 2.86.3-2.1 | Jan 21, 2026 | A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passe | |
| CVE-2025-13601 | Hig | 7.7 | < 2.86.3-1.1 | 2.86.3-1.1 | Nov 26, 2025 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length | |
| CVE-2025-7039 | Low | 3.7 | < 2.84.4-1.1 | 2.84.4-1.1 | Sep 3, 2025 | A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local | |
| CVE-2025-6052 | Low | 3.7 | < 2.84.3-1.1 | 2.84.3-1.1 | Jun 13, 2025 | A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, d | |
| CVE-2025-3360 | Low | 3.7 | < 2.84.1-2.1 | 2.84.1-2.1 | Apr 7, 2025 | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. | |
| CVE-2024-52533 | — | < 2.82.2-2.1 | 2.82.2-2.1 | Nov 11, 2024 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. |
- affected < 2.86.3-3.1fixed 2.86.3-3.1
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in ou
- affected < 2.86.3-3.1fixed 2.86.3-3.1
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds mem
- affected < 2.86.3-3.1fixed 2.86.3-3.1
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications tha
- affected < 2.86.3-2.1fixed 2.86.3-2.1
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passe
- affected < 2.86.3-1.1fixed 2.86.3-1.1
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length
- affected < 2.84.4-1.1fixed 2.84.4-1.1
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local
- affected < 2.84.3-1.1fixed 2.84.3-1.1
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, d
- affected < 2.84.1-2.1fixed 2.84.1-2.1
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
- CVE-2024-52533Nov 11, 2024affected < 2.82.2-2.1fixed 2.82.2-2.1
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.