Debian Glib2.0 vulnerabilities

44 known vulnerabilities affecting debian/glib2.0.

Total CVEs: 44
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 3, MEDIUM 15, LOW 23

Vulnerabilities

Page 1 of 3
CVE-2026-1484 | MEDIUM | CVSS 4.2 | fixed in glib2.0 2.66.8-1+deb11u8 (bullseye) | 2026
CVE-2026-1484 [MEDIUM] glib2.0 - A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpre
debian
CVE-2026-1489 | MEDIUM | CVSS 5.4 | fixed in glib2.0 2.66.8-1+deb11u8 (bullseye) | 2026
CVE-2026-1489 [MEDIUM] glib2.0 - A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion t
debian
CVE-2026-0988 | LOW | CVSS 3.7 | fixed in glib2.0 2.66.8-1+deb11u8 (bullseye) | 2026
CVE-2026-0988 [LOW] glib2.0 - A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to
debian
CVE-2026-1485 | LOW | CVSS 2.8 | fixed in glib2.0 2.66.8-1+deb11u8 (bullseye) | 2026
CVE-2026-1485 [LOW] glib2.0 - A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted tr
debian
CVE-2025-13601 | HIGH | CVSS 7.7 | fixed in glib2.0 2.74.6-2+deb12u8 (bookworm) | 2025
CVE-2025-13601 [HIGH] glib2.0 - A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the n
debian
CVE-2025-14512 | MEDIUM | CVSS 6.5 | fixed in glib2.0 2.74.6-2+deb12u8 (bookworm) | 2025
CVE-2025-14512 [MEDIUM] glib2.0 - A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. Scope: local. bookworm: resolved (fixed in 2.74.6-2+deb12u8); bullseye: resolved (fixed in 2.66.8-1+deb11u7
debian
CVE-2025-4373 | MEDIUM | CVSS 4.8 | fixed in glib2.0 2.74.6-2+deb12u7 (bookworm) | 2025
CVE-2025-4373 [MEDIUM] glib2.0 - A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. Scope: local. bookworm: resolved (fixed in 2.74.6-2+deb12u7); bullseye: resolved (fixed in 2.66.8-1+deb11u7); forky: resolved (fixed in 2.
debian
CVE-2025-14087 | MEDIUM | CVSS 5.6 | fixed in glib2.0 2.74.6-2+deb12u8 (bookworm) | 2025
CVE-2025-14087 [MEDIUM] glib2.0 - A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. Scope: local. bookworm: resolved (fixed in 2.74.6-2+deb12u8); bullseye: resolved (fixed in 2.66.8-1+deb1
debian
CVE-2025-3360 | LOW | CVSS 3.7 | fixed in glib2.0 2.74.6-2+deb12u6 (bookworm) | 2025
CVE-2025-3360 [LOW] glib2.0 - A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. Scope: local. bookworm: resolved (fixed in 2.74.6-2+deb12u6); bullseye: resolved (fixed in 2.66.8-1+deb11u6); forky: resolved (fixed in 2.84.1-1); sid: resolved (fixed in 2.84.1-1); trixie: resolved (fixed
debian
CVE-2025-7039 | LOW | CVSS 3.7 | fixed in glib2.0 2.74.6-2+deb12u7 (bookworm) | 2025
CVE-2025-7039 [LOW] glib2.0 - A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from i
debian
CVE-2025-4056 | LOW | CVSS 7.5 | 2025
CVE-2025-4056 [HIGH] glib2.0 - A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2025-6052 | LOW | CVSS 3.7 | fixed in glib2.0 2.84.3-1 (forky) | 2025
CVE-2025-6052 [LOW] glib2.0 - A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corru
debian
CVE-2024-52533 | CRITICAL | CVSS 9.8 | fixed in glib2.0 2.74.6-2+deb12u5 (bookworm) | 2024
CVE-2024-52533 [CRITICAL] glib2.0 - gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. Scope: local. bookworm: resolved (fixed in 2.74.6-2+deb12u5); bullseye: resolved (fixed in 2.66.8-1+deb11u5); forky: resolved (fixed in 2.82.1-1); sid: resolved (fixed in 2.82.1-1); trixie:
debian
CVE-2024-34397 | MEDIUM | CVSS 5.2 | fixed in glib2.0 2.74.6-2+deb12u1 (bookworm) | 2024
CVE-2024-34397 [MEDIUM] glib2.0 - An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted sys
debian
CVE-2023-32665 | MEDIUM | CVSS 5.5 | fixed in glib2.0 2.74.4-1 (bookworm) | 2023
CVE-2023-32665 [MEDIUM] glib2.0 - A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. Scope: local. bookworm: resolved (fixed in 2.74.4-1); bullseye: resolved (fixed in 2.66.8-1+deb11u1); forky: resolved (fixed in 2.74.4-1); sid: resolved (fixed in 2.74.4-1); trixie: resolv
debian
CVE-2023-32611 | MEDIUM | CVSS 5.5 | fixed in glib2.0 2.74.4-1 (bookworm) | 2023
CVE-2023-32611 [MEDIUM] glib2.0 - A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. Scope: local. bookworm: resolved (fixed in 2.74.4-1); bullseye: resolved (fixed in 2.66.8-1+deb11u1); forky: resolved (fixed in 2.74.4-1); sid: resolved (fixed in 2.74.4-1); trixie: resolved (fixed i
debian
CVE-2023-29499 | MEDIUM | CVSS 5.5 | fixed in glib2.0 2.74.4-1 (bookworm) | 2023
CVE-2023-29499 [MEDIUM] glib2.0 - A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. Scope: local. bookworm: resolved (fixed in 2.74.4-1); bullseye: resolved (fixed in 2.66.8-1+deb11u1); forky: resolved (fixed in 2.74.4-1); sid: resolved (fixed in 2.74.4-1); trixie: resolved (fixed in 2.74.4-1)
debian
CVE-2023-32643 | LOW | CVSS 5.3 | 2023
CVE-2023-32643 [MEDIUM] glib2.0 - A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. Scope: local. bookworm: resolved; bullseye:
debian
CVE-2023-32636 | LOW | CVSS 5.5 | 2023
CVE-2023-32636 [MEDIUM] glib2.0 - A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backpo
debian
CVE-2021-27219 | HIGH | CVSS 7.5 | fixed in glib2.0 2.66.6-1 (bookworm) | 2021
CVE-2021-27219 [HIGH] glib2.0 - An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Scope: local. bookworm: resolved (fixed in 2.66.6-1); bullseye: resolved (fixed in 2.66.6-1); forky: resolved (fixed
debian