CVE-2026-0988 — Integer Overflow or Wraparound in Glib2.0

CWE-190 — Integer Overflow or Wraparound7 documents7 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 79.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glib2.0

Timeline

PublishedJan 21

Description

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶debiandebian/glib2.0< glib2.0 2.66.8-1+deb11u8 (bullseye)

🔴Vulnerability Details

GHSA

GHSA-m2x7-c9gp-xc46: A flaw was found in glib↗2026-01-21

▶

OSV

CVE-2026-0988: A flaw was found in glib↗2026-01-21

▶

📋Vendor Advisories

Ubuntu

GLib vulnerability↗2026-01-21

▶

Red Hat

glib: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek()↗2026-01-15

▶

Debian

CVE-2026-0988: glib2.0 - A flaw was found in glib. Missing validation of offset and count parameters in t...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0988 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶