GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to goptiongroupaddentries()." The researcher states that this pattern is undocumented
{
"cpe": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.65.3"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"function_hash": "166990730672949992501700588065117894711",
"length": 1681.0
},
"target": {
"function": "g_option_group_add_entries",
"file": "glib/goption.c"
},
"id": "CVE-2020-35457-133a3d4e",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://gitlab.gnome.org/gnome/glib@63c5b62f0a984fac9a9700b12f54fe878e016a5d",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"139537024621877586421012634436740319349",
"213658572378068546980454058502973843806",
"254744378804206875485793075776936797836"
]
},
"target": {
"file": "glib/goption.c"
},
"id": "CVE-2020-35457-4af64f54",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://gitlab.gnome.org/gnome/glib@63c5b62f0a984fac9a9700b12f54fe878e016a5d",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35457.json"
"2026-07-09T01:30:39Z"