Package details: pkg:deb/debian/glib2.0@2.58.3-2%2Bdeb10u3
purl pkg:deb/debian/glib2.0@2.58.3-2%2Bdeb10u3
Next non-vulnerable version 2.74.6-2+deb12u7
Latest non-vulnerable version 2.84.4-3~deb13u1
Risk 4.4
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-22x7-k4s1-uugm
Aliases:
CVE-2025-3360
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
2.74.6-2+deb12u6
Affected by 2 other vulnerabilities.
VCID-8pgk-3d7e-skad
Aliases:
CVE-2024-34397
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.
2.66.8-1+deb11u4
Affected by 4 other vulnerabilities.
VCID-9p15-7pre-jbgm
Aliases:
CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-at76-t7hf-eugm
Aliases:
CVE-2021-28153
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-bd8m-5ver-3qdv
Aliases:
CVE-2023-29499
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
2.66.8-1+deb11u4
Affected by 4 other vulnerabilities.
VCID-dfk8-ujvd-gyc3
Aliases:
CVE-2019-25085
gvdb: use after free issue was fixed in gvdb_table_write_contents_async()
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-dy59-q978-23d1
Aliases:
CVE-2023-32611
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
2.66.8-1+deb11u4
Affected by 4 other vulnerabilities.
VCID-nk6q-zvpa-y3gf
Aliases:
CVE-2024-52533
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
2.74.6-2+deb12u6
Affected by 2 other vulnerabilities.
VCID-pkmd-74e9-27cf
Aliases:
CVE-2019-13012
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-qksf-ukbf-f7ed
Aliases:
CVE-2021-27218
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-qsmt-fq5e-1bcs
Aliases:
CVE-2021-3800
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-vfj5-racs-xub5
Aliases:
CVE-2021-27219
GHSL-2021-045
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
2.66.8-1
Affected by 7 other vulnerabilities.
VCID-xtt9-ua9z-gyhw
Aliases:
DSA-5682-2 glib2.0
regression update
2.66.8-1+deb11u4
Affected by 4 other vulnerabilities.
VCID-z322-5vpm-ubba
Aliases:
CVE-2023-32665
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
2.66.8-1+deb11u4
Affected by 4 other vulnerabilities.
VCID-zxgr-b63u-tugq
Aliases:
CVE-2020-35457
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented.
2.66.8-1
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T19:56:12.635656+00:00 Debian Oval Importer Affected by VCID-22x7-k4s1-uugm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T19:31:05.948729+00:00 Debian Oval Importer Affected by VCID-zxgr-b63u-tugq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T18:07:48.113357+00:00 Debian Oval Importer Affected by VCID-8pgk-3d7e-skad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:41:57.295055+00:00 Debian Oval Importer Affected by VCID-qksf-ukbf-f7ed https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:24:15.550276+00:00 Debian Oval Importer Affected by VCID-bd8m-5ver-3qdv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:14:21.514487+00:00 Debian Oval Importer Affected by VCID-9p15-7pre-jbgm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:36:12.535933+00:00 Debian Oval Importer Affected by VCID-pkmd-74e9-27cf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:04:29.767523+00:00 Debian Oval Importer Affected by VCID-vfj5-racs-xub5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:26:31.198487+00:00 Debian Oval Importer Affected by VCID-xtt9-ua9z-gyhw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:02:09.132964+00:00 Debian Oval Importer Affected by VCID-z322-5vpm-ubba https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:44:25.457463+00:00 Debian Oval Importer Affected by VCID-dy59-q978-23d1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:36:29.285515+00:00 Debian Oval Importer Affected by VCID-nk6q-zvpa-y3gf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:12:47.088076+00:00 Debian Oval Importer Affected by VCID-dfk8-ujvd-gyc3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:17:25.547745+00:00 Debian Oval Importer Affected by VCID-at76-t7hf-eugm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:13:32.983373+00:00 Debian Oval Importer Affected by VCID-qsmt-fq5e-1bcs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0