Fluid Attacks Database

Description

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| =2.74.6-2+deb12u5 \|\| =2.74.6-2+deb12u6 \|\| =2.74.6-2+deb12u7 \|\| =2.74.6-2+deb12u8 \|\| >=0 <2.74.6-2+deb12u9	2.74.6-2+deb12u9
debian 14	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| =2.86.3-1 \|\| =2.86.3-2 \|\| =2.86.3-3 \|\| =2.86.3-4 \|\| >=0 <2.86.3-5	2.86.3-5
debian 13	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| >=0 <2.84.4-3~deb13u3	2.84.4-3~deb13u3
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| =2.66.8-1+deb11u5 \|\| =2.66.8-1+deb11u6 \|\| =2.66.8-1+deb11u7 \|\| >=0 <2.66.8-1+deb11u8	2.66.8-1+deb11u8
rpm rhel10	glib2	-	-
rpm rhel9	bootc	-	-
rpm rhel9	glib2	-	-
rpm rhel10	rpm-ostree	-	-
rpm rhel10	bootc	-	-
rpm rhel6	glib2	-	-

1-10 of 20

Aliases

1. CVE-2026-09882. NVD-2026-09883. OSV-DEBIAN-2026-09884. OSV-2026-09885. SECURITY-TRACKER-CVE-2026-0988

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.