A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | glib2.0 | < 2.74.6-2 | glib2.0_2.74.6-2_all.deb |
Debian | 11 | all | glib2.0 | < 2.66.8-1+deb11u1 | glib2.0_2.66.8-1+deb11u1_all.deb |
Debian | 10 | all | glib2.0 | < 2.58.3-2+deb10u3 | glib2.0_2.58.3-2+deb10u3_all.deb |
Debian | 999 | all | glib2.0 | < 2.80.2-1 | glib2.0_2.80.2-1_all.deb |
Debian | 13 | all | glib2.0 | < 2.80.2-1 | glib2.0_2.80.2-1_all.deb |