Описание
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glib2.0 | fixed | 2.86.3-1 | package | |
| glib2.0 | fixed | 2.84.4-3~deb13u2 | trixie | package |
| glib2.0 | fixed | 2.74.6-2+deb12u8 | bookworm | package |
Примечания
https://gitlab.gnome.org/GNOME/glib/-/issues/3845
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4936
Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/4f0399c0aaf3ffc86b5625424580294bc7460404 (2.86.3)
Связанные уязвимости
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.
