DEBIAN-CVE-2026-0988

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-0988

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0988.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-0988

Upstream

CVE-2026-0988

Downstream

DLA-4491-1

Published

2026-01-21T12:15:55.560Z

Modified

2026-05-16T14:04:16.968210Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A flaw was found in glib. Missing validation of offset and count parameters in the gbufferedinputstreampeek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

References

https://security-tracker.debian.org/tracker/CVE-2026-0988

Affected packages

Debian:11 / glib2.0

Package

Name: glib2.0
Purl: pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.66.8-1+deb11u8

Affected versions

2.*

2.66.8-1

2.66.8-1+deb11u1

2.66.8-1+deb11u2

2.66.8-1+deb11u3

2.66.8-1+deb11u4

2.66.8-1+deb11u5

2.66.8-1+deb11u6

2.66.8-1+deb11u7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0988.json"

Debian:12 / glib2.0

Package

Name: glib2.0
Purl: pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.74.6-2+deb12u9

Affected versions

2.*

2.74.6-2

2.74.6-2+deb12u1

2.74.6-2+deb12u2

2.74.6-2+deb12u3

2.74.6-2+deb12u4

2.74.6-2+deb12u5

2.74.6-2+deb12u6

2.74.6-2+deb12u7

2.74.6-2+deb12u8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0988.json"

Debian:13 / glib2.0

Package

Name: glib2.0
Purl: pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.84.4-3~deb13u3

Affected versions

2.*

2.84.3-1

2.84.4-1

2.84.4-2

2.84.4-3~deb13u1

2.84.4-3~deb13u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0988.json"

Debian:14 / glib2.0

Package

Name: glib2.0
Purl: pkg:deb/debian/glib2.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.86.3-5

Affected versions

2.*

2.84.3-1

2.84.4-1

2.84.4-2

2.84.4-3~deb13u1

2.84.4-3~deb13u2

2.84.4-3~deb13u3

2.84.4-3

2.85.1-1

2.85.1-2

2.85.2-2

2.85.3-1

2.85.4-1

2.86.0-1

2.86.0-2

2.86.0-3

2.86.0-4

2.86.0-5

2.86.0-6

2.86.0-7

2.86.1-1

2.86.1-2

2.86.2-1

2.86.3-1

2.86.3-2

2.86.3-3

2.86.3-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-0988.json"