VDB

DEBIAN-CVE-2026-0988

DEBIAN-CVE-2026-0988 PUBLISHED CVSS 3.700000047683716 LOW

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Risk Scores

CVSS v3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Debian:14glib2.02.84.4-2, 2.86.0-3, 2.86.0-4
Debian:11glib2.02.66.8-1, 2.66.8-1, 2.66.8-1
Debian:12glib2.02.74.6-2, 2.86.0-1, 2.86.0-2
Debian:13glib2.02.86.3-3, 2.86.0-6, 2.84.4-3

Timeline

  • Jan 21, 2026 CVE Published
  • May 16, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›