VYPR

Glib

by GNOME Foundation

Source repositories

CVEs (32)

  • CVE-2023-32643Sep 14, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to…

  • CVE-2023-32611Sep 14, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.

  • CVE-2023-29499Sep 14, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

  • CVE-2021-3800Aug 23, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.

  • CVE-2021-28153Mar 11, 2021
    risk 0.00cvss epss 0.03

    An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security…

  • CVE-2021-27219Feb 15, 2021
    risk 0.00cvss epss 0.03

    An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

  • CVE-2020-35457Dec 14, 2020
    risk 0.00cvss epss 0.01

    GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries…

  • CVE-2020-6750Jan 9, 2020
    risk 0.00cvss epss 0.02

    GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending…

  • CVE-2019-13012Jun 28, 2019
    risk 0.00cvss epss 0.03

    The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION,…

  • CVE-2019-12450May 29, 2019
    risk 0.00cvss epss 0.03

    file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

  • CVE-2019-9633Mar 8, 2019
    risk 0.00cvss epss 0.02

    gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application…

  • CVE-2008-4316Mar 14, 2009
    risk 0.00cvss epss 0.00

    Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.

Page 2 of 2