gnome glib
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-14512
< 2.86.3
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in
6.5
MEDIUM
CVE-2025-14087
< 2.86.3
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of
5.6
MEDIUM
CVE-2025-13601
< 2.86.3
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string(
7.7
HIGH
CVE-2025-4056
< 2.84.1
A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using l
7.5
HIGH
CVE-2025-6052
>= 2.75.3 and <= 2.84.3
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining
3.7
LOW
CVE-2024-52533
< 2.82.1
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN
9.8
CRITICAL
CVE-2024-34397
< 2.78.5
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to
5.2
MEDIUM
CVE-2023-32665
< 2.74.4
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause
5.5
MEDIUM
CVE-2023-32643
< 2.75.1
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-
5.3
MEDIUM
CVE-2023-32636
< 2.74.4
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional in
4.7
MEDIUM
CVE-2023-32611
< 2.74.2
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive
5.5
MEDIUM
CVE-2023-29499
< 2.74.4
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to de
5.5
MEDIUM
CVE-2021-3800
< 2.62.5
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privilege
5.5
MEDIUM
CVE-2021-28153
< 2.66.8
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to repla
5.3
MEDIUM
CVE-2021-27219
< 2.66.6
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on
7.5
HIGH
CVE-2021-27218
< 2.66.7
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer
7.5
HIGH
CVE-2020-35457
< 2.65.3
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE:
7.8
HIGH
CVE-2020-13645
< 2.62.4
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TL
6.5
MEDIUM
CVE-2020-6750
>= 2.60.0 and <= 2.62.4
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy
5.9
MEDIUM
CVE-2019-13012
>= 2.0.0 and < 2.59.1
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parent
7.5
HIGH
CVE-2019-12450
>= 2.15.0 and <= 2.61.1
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy ope
9.8
CRITICAL
CVE-2019-9633
all versions
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-at
6.5
MEDIUM
CVE-2018-16429
all versions
GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
7.5
HIGH
CVE-2018-16428
all versions
In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
9.8
CRITICAL
CVE-2012-0039
<= 2.31.8
GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger has
7.5
HIGH
CVE-2009-3289
all versions
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo
7.8
HIGH
CVE-2008-4316
<= 2.16.4
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin