Gnome

Glib

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-28153

Exploit
  • EPSS 0.53%
  • Published 11.03.2021 22:15:12
  • Last modified 21.11.2024 05:59:11

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which coul...

7.5

CVE-2021-27219

Exploit
  • EPSS 0.34%
  • Published 15.02.2021 17:15:13
  • Last modified 21.11.2024 05:57:37

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corrupti...

7.5

CVE-2021-27218

  • EPSS 5.06%
  • Published 15.02.2021 17:15:13
  • Last modified 21.11.2024 05:57:37

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

7.8

CVE-2020-35457

Exploit
  • EPSS 0.19%
  • Published 14.12.2020 23:15:12
  • Last modified 21.11.2024 05:27:19

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a s...

5.9

CVE-2020-6750

Exploit
  • EPSS 0.59%
  • Published 09.01.2020 20:15:11
  • Last modified 21.11.2024 05:36:07

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur...

7.5

CVE-2019-13012

  • EPSS 0.76%
  • Published 28.06.2019 15:15:10
  • Last modified 21.11.2024 04:24:01

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CRE...

9.8

CVE-2019-12450

  • EPSS 0.9%
  • Published 29.05.2019 17:29:00
  • Last modified 21.11.2024 04:22:52

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

6.5

CVE-2019-9633

  • EPSS 0.65%
  • Published 08.03.2019 08:29:00
  • Last modified 21.11.2024 04:52:00

gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mis...

7.5

CVE-2018-16429

Exploit
  • EPSS 0.35%
  • Published 04.09.2018 00:29:01
  • Last modified 21.11.2024 03:52:44

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

9.8

CVE-2018-16428

Exploit
  • EPSS 0.89%
  • Published 04.09.2018 00:29:01
  • Last modified 21.11.2024 03:52:44

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.