MGASA-2026-0023

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0023.html

Import Source

https://advisories.mageia.org/MGASA-2026-0023.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0023

Related

Published

2026-01-28T22:42:14Z

Modified

2026-02-04T03:11:48.675383Z

Summary

Updated glib2.0 packages fix security vulnerabilities

Details

Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with gdatetimenewfromiso8601(). (CVE-2025-3360) Buffer under-read on glib through glib/gfileutils.c via gettmpfile(). (CVE-2025-7039) Integer overflow in in gescapeuristring(). (CVE-2025-13601) Buffer underflow in gvariant parser leads to heap corruption. (CVE-2025-14087) Integer overflow in glib gio attribute escaping causes heap buffer overflow. (CVE-2025-14512) Denial of service via integer overflow in gbufferedinputstreampeek(). (CVE-2026-0988)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / glib2.0

Package

Name: glib2.0
Purl: pkg:rpm/mageia/glib2.0?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.76.3-1.6.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0023.json"