Glib Security Vulnerabilities and Issues — Glib CVE List

Lucene search

GnomeGlib

10 matches found

CVE•added 2021/02/15 5:15 p.m.•447 views

CVE-2021-27219

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

7.5CVSS7.7AI score0.00246EPSS

CVE•added 2021/02/15 5:15 p.m.•360 views

CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

7.5CVSS7.7AI score0.03262EPSS

CVE•added 2019/06/28 3:15 p.m.•304 views

CVE-2019-13012

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL)....

7.5CVSS7AI score0.01045EPSS

CVE•added 2023/09/14 8:15 p.m.•200 views

CVE-2023-29499

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

7.5CVSS5.8AI score0.0012EPSS

CVE•added 2023/09/14 8:15 p.m.•179 views

CVE-2023-32643

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial...

7.8CVSS6.1AI score0.00059EPSS

CVE•added 2023/09/14 8:15 p.m.•149 views

CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib ...

7.5CVSS7.3AI score0.00179EPSS

CVE•added 2020/12/14 11:15 p.m.•123 views

CVE-2020-35457

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of...

7.8CVSS7.5AI score0.00225EPSS

CVE•added 2018/09/04 12:29 a.m.•122 views

CVE-2018-16429

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

7.5CVSS8.2AI score0.00399EPSS

CVE•added 2012/01/14 5:55 p.m.•68 views

CVE-2012-0039

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a ha...

7.5CVSS9.1AI score0.00489EPSS

CVE•added 2009/09/22 10:30 a.m.•58 views

CVE-2009-3289

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.

7.8CVSS7.3AI score0.00074EPSS