CVE-2024-52533 — CVSS 9.8 (critical): gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not…
CVE-2019-12450 — CVSS 9.8 (critical): file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is…
CVE-2009-3289 — CVSS 7.8 (high): The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows…
CVE-2020-35457 — CVSS 7.8 (high): GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the…
CVE-2025-13601 — CVSS 7.7 (high): A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string()…
CVE-2019-13012 — CVSS 7.5 (high): The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents…
CVE-2026-58016 — CVSS 7.5 (high): A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when…
CVE-2012-0039 — CVSS 7.5 (high): GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash…
CVE-2018-16429 — CVSS 7.5 (high): GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
CVE-2021-27218 — CVSS 7.5 (high): An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or…
CVE-2021-27219 — CVSS 7.5 (high): An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit…
CVE-2025-4056 — CVSS 7.5 (high): A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long…
CVE-2026-58014 — CVSS 7.3 (high): A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when…
CVE-2026-58013 — CVSS 6.5 (medium): A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line…
CVE-2019-9633 — CVSS 6.5 (medium): gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting…
CVE-2025-14512 — CVSS 6.5 (medium): A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's…
CVE-2026-58010 — CVSS 6.5 (medium): A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when…
CVE-2026-58011 — CVSS 6.5 (medium): A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file…
CVE-2026-58012 — CVSS 6.5 (medium): A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and…
CVE-2020-6750 — CVSS 5.9 (medium): GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server…
CVE-2026-58015 — CVSS 5.9 (medium): A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the…
CVE-2025-14087 — CVSS 5.6 (medium): A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service…
CVE-2023-29499 — CVSS 5.5 (medium): A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of…
CVE-2021-3800 — CVSS 5.5 (medium): A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users…
CVE-2023-32611 — CVSS 5.5 (medium): A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive…
CVE-2023-32665 — CVSS 5.5 (medium): A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause…
CVE-2023-32643 — CVSS 5.3 (medium): A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for…
CVE-2021-28153 — CVSS 5.3 (medium): An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path…
CVE-2024-34397 — CVSS 5.2 (medium): An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals…
CVE-2023-32636 — CVSS 4.7 (medium): A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input…
CVE-2008-4316 — CVSS 4.6 (medium): Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long…
CVE-2025-6052 — CVSS 3.7 (low): A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with…