UBUNTU-CVE-2026-58013

Source
https://ubuntu.com/security/CVE-2026-58013
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-58013
Upstream
  • CVE-2026-58013
Published
2026-06-30T13:19:00Z
Modified
2026-07-03T21:45:35.355823563Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A flaw was found in GLib. A buffer over-read can occur in giochannelreadline_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

References

Affected packages

Ubuntu:22.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.68.4-1ubuntu1
2.70.1-1
2.70.2-1
2.71.0-2
2.71.1-1
2.71.2-1
2.71.3-1
2.72.0-1
2.72.1-1
2.72.4-0ubuntu1
2.72.4-0ubuntu2
2.72.4-0ubuntu2.2
2.72.4-0ubuntu2.3
2.72.4-0ubuntu2.4
2.72.4-0ubuntu2.5
2.72.4-0ubuntu2.6
2.72.4-0ubuntu2.7
2.72.4-0ubuntu2.8
2.72.4-0ubuntu2.9

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libglib2.0-0",
            "binary_version": "2.72.4-0ubuntu2.9"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.72.4-0ubuntu2.9"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.72.4-0ubuntu2.9"
        },
        {
            "binary_name": "libglib2.0-dev-bin",
            "binary_version": "2.72.4-0ubuntu2.9"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.72.4-0ubuntu2.9"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:24.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.78.0-2
2.78.1-4
2.78.3-1
2.78.3-2
2.79.1-1
2.79.2-1~ubuntu1
2.79.3-3ubuntu5
2.80.0-6ubuntu1
2.80.0-6ubuntu3
2.80.0-6ubuntu3.1
2.80.0-6ubuntu3.2
2.80.0-6ubuntu3.4
2.80.0-6ubuntu3.5
2.80.0-6ubuntu3.6
2.80.0-6ubuntu3.7
2.80.0-6ubuntu3.8

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gir1.2-girepository-3.0",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "gir1.2-glib-2.0",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "libgirepository-2.0-0",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "libglib2.0-0t64",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "libglib2.0-dev-bin",
            "binary_version": "2.80.0-6ubuntu3.8"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.80.0-6ubuntu3.8"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:25.10
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.84.1-1
2.84.1-2
2.84.2-1
2.84.3-1
2.85.1-2
2.85.2-2
2.85.3-1
2.86.0-2
2.86.0-2ubuntu0.1
2.86.0-2ubuntu0.2
2.86.0-2ubuntu0.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gir1.2-girepository-3.0",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "gir1.2-glib-2.0",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "girepository-tools",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libgio-2.0-dev-bin",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libgirepository-2.0-0",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libglib2.0-0t64",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libglib2.0-dev-bin",
            "binary_version": "2.86.0-2ubuntu0.3"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.86.0-2ubuntu0.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:26.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.86.0-2
2.86.1-1
2.86.1-2
2.86.2-1
2.86.3-1
2.86.3-4
2.87.2-2
2.87.2-3
2.87.3-1
2.88.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gir1.2-girepository-3.0",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "gir1.2-glib-2.0",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "girepository-tools",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libgio-2.0-dev-bin",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libgirepository-2.0-0",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libglib2.0-0t64",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libglib2.0-dev-bin",
            "binary_version": "2.88.0-1"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.88.0-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:Pro:14.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.38.0-1ubuntu1
2.38.1-1
2.39.1-0ubuntu1
2.39.1-0ubuntu2
2.39.1-0ubuntu3
2.39.2-0ubuntu1
2.39.2-0ubuntu2
2.39.3-0ubuntu4
2.39.4-0ubuntu1
2.39.90-0ubuntu1
2.39.91-0ubuntu2
2.39.91-0ubuntu3
2.39.92-2
2.40.0-1
2.40.0-1ubuntu1
2.40.0-2
2.40.2-0ubuntu1
2.40.2-0ubuntu1.1
2.40.2-0ubuntu1.1+esm1
2.40.2-0ubuntu1.1+esm2
2.40.2-0ubuntu1.1+esm3
2.40.2-0ubuntu1.1+esm4
2.40.2-0ubuntu1.1+esm6
2.40.2-0ubuntu1.1+esm7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libglib2.0-0",
            "binary_version": "2.40.2-0ubuntu1.1+esm7"
        },
        {
            "binary_name": "libglib2.0-0-refdbg",
            "binary_version": "2.40.2-0ubuntu1.1+esm7"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.40.2-0ubuntu1.1+esm7"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.40.2-0ubuntu1.1+esm7"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.40.2-0ubuntu1.1+esm7"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:Pro:16.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.46.1-1
2.46.1-2
2.47.1-1
2.47.3-3
2.47.4-1
2.47.5-1
2.47.6-1
2.48.0-1ubuntu3
2.48.0-1ubuntu4
2.48.1-1~ubuntu16.04.1
2.48.2-0ubuntu1
2.48.2-0ubuntu3
2.48.2-0ubuntu4
2.48.2-0ubuntu4.1
2.48.2-0ubuntu4.2
2.48.2-0ubuntu4.3
2.48.2-0ubuntu4.4
2.48.2-0ubuntu4.5
2.48.2-0ubuntu4.6
2.48.2-0ubuntu4.7
2.48.2-0ubuntu4.8
2.48.2-0ubuntu4.8+esm1
2.48.2-0ubuntu4.8+esm3
2.48.2-0ubuntu4.8+esm4
2.48.2-0ubuntu4.8+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libglib2.0-0",
            "binary_version": "2.48.2-0ubuntu4.8+esm5"
        },
        {
            "binary_name": "libglib2.0-0-refdbg",
            "binary_version": "2.48.2-0ubuntu4.8+esm5"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.48.2-0ubuntu4.8+esm5"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.48.2-0ubuntu4.8+esm5"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.48.2-0ubuntu4.8+esm5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:Pro:18.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.54.1-1ubuntu1
2.55.2-2ubuntu1
2.56.0-2ubuntu1
2.56.0-4ubuntu1
2.56.1-2ubuntu1
2.56.2-0ubuntu0.18.04.1
2.56.2-0ubuntu0.18.04.2
2.56.3-0ubuntu0.18.04.1
2.56.4-0ubuntu0.18.04.2
2.56.4-0ubuntu0.18.04.3
2.56.4-0ubuntu0.18.04.4
2.56.4-0ubuntu0.18.04.5
2.56.4-0ubuntu0.18.04.6
2.56.4-0ubuntu0.18.04.7
2.56.4-0ubuntu0.18.04.8
2.56.4-0ubuntu0.18.04.9
2.56.4-0ubuntu0.18.04.9+esm3
2.56.4-0ubuntu0.18.04.9+esm4
2.56.4-0ubuntu0.18.04.9+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libglib2.0-0",
            "binary_version": "2.56.4-0ubuntu0.18.04.9+esm5"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.56.4-0ubuntu0.18.04.9+esm5"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.56.4-0ubuntu0.18.04.9+esm5"
        },
        {
            "binary_name": "libglib2.0-dev-bin",
            "binary_version": "2.56.4-0ubuntu0.18.04.9+esm5"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.56.4-0ubuntu0.18.04.9+esm5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"
Ubuntu:Pro:20.04:LTS
glib2.0

Package

Name
glib2.0
Purl
pkg:deb/ubuntu/glib2.0?arch=source&distro=esm-infra%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.62.1-1
2.63.1-2
2.63.1-2ubuntu1
2.63.3-1
2.63.3-3
2.63.5-2
2.64.0-1
2.64.1-1
2.64.2-1~fakesync1
2.64.3-1~ubuntu20.04.1
2.64.6-1~ubuntu20.04.1
2.64.6-1~ubuntu20.04.2
2.64.6-1~ubuntu20.04.3
2.64.6-1~ubuntu20.04.4
2.64.6-1~ubuntu20.04.6
2.64.6-1~ubuntu20.04.7
2.64.6-1~ubuntu20.04.8
2.64.6-1~ubuntu20.04.9
2.64.6-1~ubuntu20.04.9+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libglib2.0-0",
            "binary_version": "2.64.6-1~ubuntu20.04.9+esm1"
        },
        {
            "binary_name": "libglib2.0-bin",
            "binary_version": "2.64.6-1~ubuntu20.04.9+esm1"
        },
        {
            "binary_name": "libglib2.0-data",
            "binary_version": "2.64.6-1~ubuntu20.04.9+esm1"
        },
        {
            "binary_name": "libglib2.0-dev-bin",
            "binary_version": "2.64.6-1~ubuntu20.04.9+esm1"
        },
        {
            "binary_name": "libglib2.0-tests",
            "binary_version": "2.64.6-1~ubuntu20.04.9+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-58013.json"