Package details: pkg:deb/debian/glib2.0@2.66.8-1%2Bdeb11u4
purl pkg:deb/debian/glib2.0@2.66.8-1%2Bdeb11u4
Next non-vulnerable version 2.74.6-2+deb12u7
Latest non-vulnerable version 2.84.4-3~deb13u1
Risk 3.1
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-22x7-k4s1-uugm
Aliases:
CVE-2025-3360
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
2.74.6-2+deb12u6
Affected by 2 other vulnerabilities.
VCID-7s4u-q3s2-nqbu
Aliases:
CVE-2025-7039
2.74.6-2+deb12u7
Affected by 0 other vulnerabilities.
2.78.4-1
Affected by 0 other vulnerabilities.
2.84.4-1
Affected by 0 other vulnerabilities.
2.84.4-2
Affected by 0 other vulnerabilities.
2.84.4-3~deb13u1
Affected by 0 other vulnerabilities.
VCID-g6d8-tvac-dfdu
Aliases:
CVE-2025-4373
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
2.74.6-2+deb12u7
Affected by 0 other vulnerabilities.
2.78.4-1
Affected by 0 other vulnerabilities.
VCID-nk6q-zvpa-y3gf
Aliases:
CVE-2024-52533
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
2.74.6-2+deb12u6
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-8pgk-3d7e-skad An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. CVE-2024-34397
VCID-bd8m-5ver-3qdv A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. CVE-2023-29499
VCID-dy59-q978-23d1 A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVE-2023-32611
VCID-xtt9-ua9z-gyhw regression update DSA-5682-2 glib2.0
VCID-z322-5vpm-ubba A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. CVE-2023-32665

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-11T12:52:17.079271+00:00 Debian Importer Affected by VCID-7s4u-q3s2-nqbu https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T19:56:12.644927+00:00 Debian Oval Importer Affected by VCID-22x7-k4s1-uugm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T18:07:48.123001+00:00 Debian Oval Importer Fixing VCID-8pgk-3d7e-skad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:24:15.559358+00:00 Debian Oval Importer Fixing VCID-bd8m-5ver-3qdv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:26:31.207314+00:00 Debian Oval Importer Fixing VCID-xtt9-ua9z-gyhw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:02:09.142720+00:00 Debian Oval Importer Fixing VCID-z322-5vpm-ubba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:44:25.467608+00:00 Debian Oval Importer Fixing VCID-dy59-q978-23d1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:36:29.295005+00:00 Debian Oval Importer Affected by VCID-nk6q-zvpa-y3gf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:24:24.128979+00:00 Debian Importer Affected by VCID-g6d8-tvac-dfdu https://security-tracker.debian.org/tracker/data/json 37.0.0