CVE-2026-58016
- EPSS 0.34%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 01.07.2026 17:46:34
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <m...
CVE-2026-58015
- EPSS 0.3%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 02:16:28
A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context contain...
CVE-2026-58014
- EPSS 0.24%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 01.07.2026 17:58:21
A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service...
CVE-2026-58013
- EPSS 0.27%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:29:25
A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerabilit...
CVE-2026-58012
- EPSS 0.26%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:28:31
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 funct...
CVE-2026-58011
- EPSS 0.27%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:20:39
A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corr...
CVE-2026-58010
- EPSS 0.26%
- Veröffentlicht 30.06.2026 13:19:17
- Zuletzt bearbeitet 02.07.2026 19:09:20
A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of o...
CVE-2025-14512
- EPSS 0.5%
- Veröffentlicht 11.12.2025 07:16:00
- Zuletzt bearbeitet 30.06.2026 00:16:53
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribu...
CVE-2025-14087
- EPSS 0.77%
- Veröffentlicht 10.12.2025 09:01:34
- Zuletzt bearbeitet 30.06.2026 00:16:52
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted i...
CVE-2025-13601
- EPSS 0.31%
- Veröffentlicht 26.11.2025 14:44:22
- Zuletzt bearbeitet 30.06.2026 00:16:52
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping),...