CVE-2025-14512
- EPSS 0.05%
- Published 11.12.2025 07:16:00
- Last modified 12.12.2025 15:18:13
A flaw was found in GLib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribu...
CVE-2025-14087
- EPSS 0.35%
- Published 10.12.2025 09:01:34
- Last modified 12.12.2025 15:18:42
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted i...
CVE-2025-4056
- EPSS 0.09%
- Published 28.07.2025 12:40:29
- Last modified 08.01.2026 04:15:54
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines.
CVE-2025-6052
- EPSS 0.05%
- Published 13.06.2025 15:40:38
- Last modified 20.08.2025 17:27:24
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory w...
CVE-2024-52533
- EPSS 3.09%
- Published 11.11.2024 23:15:05
- Last modified 17.06.2025 01:23:56
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVE-2024-34397
- EPSS 0.19%
- Published 07.05.2024 18:15:08
- Last modified 04.11.2025 22:16:01
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can ...
CVE-2023-32665
- EPSS 0.06%
- Published 14.09.2023 20:15:09
- Last modified 21.11.2024 08:03:48
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
CVE-2023-32643
- EPSS 0.04%
- Published 14.09.2023 20:15:09
- Last modified 21.11.2024 08:03:45
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the gu...
CVE-2023-32636
- EPSS 0.18%
- Published 14.09.2023 20:15:09
- Last modified 21.11.2024 08:03:44
A flaw was found in GLib, where the GVariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect a...
CVE-2023-32611
- EPSS 0.04%
- Published 14.09.2023 20:15:09
- Last modified 21.11.2024 08:03:41
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.