rpm package
suse/glib2&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/glib2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1489 | Med | 5.4 | < 2.48.2-12.58.1 | 2.48.2-12.58.1 | Jan 27, 2026 | A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in ou | |
| CVE-2026-1485 | Low | 2.8 | < 2.48.2-12.58.1 | 2.48.2-12.58.1 | Jan 27, 2026 | A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds mem | |
| CVE-2026-1484 | Med | 4.2 | < 2.48.2-12.58.1 | 2.48.2-12.58.1 | Jan 27, 2026 | A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications tha | |
| CVE-2025-14512 | Med | 6.5 | < 2.48.2-12.52.1 | 2.48.2-12.52.1 | Dec 11, 2025 | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | |
| CVE-2025-14087 | Med | 5.6 | < 2.48.2-12.52.1 | 2.48.2-12.52.1 | Dec 10, 2025 | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | |
| CVE-2025-13601 | Hig | 7.7 | < 2.48.2-12.52.1 | 2.48.2-12.52.1 | Nov 26, 2025 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length | |
| CVE-2024-52533 | — | < 2.48.2-12.43.1 | 2.48.2-12.43.1 | Nov 11, 2024 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. |
- affected < 2.48.2-12.58.1fixed 2.48.2-12.58.1
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in ou
- affected < 2.48.2-12.58.1fixed 2.48.2-12.58.1
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds mem
- affected < 2.48.2-12.58.1fixed 2.48.2-12.58.1
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications tha
- affected < 2.48.2-12.52.1fixed 2.48.2-12.52.1
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
- affected < 2.48.2-12.52.1fixed 2.48.2-12.52.1
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
- affected < 2.48.2-12.52.1fixed 2.48.2-12.52.1
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length
- CVE-2024-52533Nov 11, 2024affected < 2.48.2-12.43.1fixed 2.48.2-12.43.1
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.