VulnerableCode Package Details - pkg:conan/glib@2.65.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-31vp-bd65-aaaa Aliases: CVE-2021-27219 GHSL-2021-045	An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.	2.67.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.68.3 Affected by 0 other vulnerabilities.
VCID-38zg-dgk4-aaac Aliases: CVE-2021-28153	An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)	2.67.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.72.4 Affected by 0 other vulnerabilities.
VCID-gq67-5cnu-aaam Aliases: CVE-2021-27218	An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.	2.67.4 Affected by 0 other vulnerabilities. 2.68.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-31vp-bd65-aaaa
Aliases:
CVE-2021-27219
GHSL-2021-045

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

2.67.3
Affected by 1 other vulnerability.

2.68.3
Affected by 0 other vulnerabilities.

VCID-38zg-dgk4-aaac
Aliases:
CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

2.67.0
Affected by 2 other vulnerabilities.

2.72.4
Affected by 0 other vulnerabilities.

VCID-gq67-5cnu-aaam
Aliases:
CVE-2021-27218

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

2.67.4
Affected by 0 other vulnerabilities.

2.68.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-09-17T22:48:06.652067+00:00	GitLab Importer	Fixing	VCID-8mnu-b5pg-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/glib/CVE-2020-35457.yml	34.0.1
2024-01-03T18:09:11.003127+00:00	GitLab Importer	Fixing	VCID-8mnu-b5pg-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/glib/CVE-2020-35457.yml	34.0.0rc1

2024-09-17T22:48:06.652067+00:00

GitLab Importer

Fixing

VCID-8mnu-b5pg-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/glib/CVE-2020-35457.yml

34.0.1

2024-01-03T18:09:11.003127+00:00

GitLab Importer

Fixing

VCID-8mnu-b5pg-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/conan/glib/CVE-2020-35457.yml

34.0.0rc1

purl	pkg:conan/glib@2.65.3
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.4