Search CVE reports
1 – 10 of 23 results
CVE-2024-52533
Medium priority
Some fixes available 1 of 7
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
CVE-2024-34397
Medium priority
Some fixes available 5 of 8
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of...
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-32665
Medium priority
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-32643
Medium priority
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors...
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-32636
Medium priority
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This...
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-32611
Medium priority
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-29499
Medium priority
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2019-25085
Medium priority
A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to...
2 affected packages
epiphany-browser, glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
epiphany-browser | — | Not affected | Not affected | Not affected | Not affected |
glib2.0 | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-3800
Medium priority
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | — | — | Not affected | Fixed | Fixed |
CVE-2021-28153
Medium priority
Some fixes available 4 of 5
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an...
1 affected package
glib2.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
glib2.0 | Not affected | Not affected | Fixed | Fixed | Fixed |