CVE-2026-0988
Buffer Overflow in glib g_buffered_input_stream_peek() Causes DoS
Publication date: 2026-01-21
Last updated on: 2026-04-24
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnome | glib | < 2.68.0 (all versions up to, but excluding, 2.68.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow (CWE-190) in the GLib library's g_buffered_input_stream_peek() function. The function does not validate its offset and count parameters against each other: when a caller supplies specially crafted values, the sum offset + count wraps around during the length calculation, so an incorrect, far too large size is passed to memcpy(). The resulting buffer overflow crashes the application, causing a denial of service. [1]
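As an added illustration, not GLib's source and not part of this advisory, the C model below reproduces the arithmetic the description refers to: a buffered window of `available` bytes, a peek that computes `end = MIN(offset + count, available)` and then `end - offset`, and a hardened variant that bounds `count` without ever forming the `offset + count` sum. The `peek_model_t` struct, the function names and the 16-byte sample window are assumptions made for this example. The vulnerable variant only computes the length that would reach memcpy() and performs no copy, so it can be run safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a buffered stream: bytes buffer[pos..end) are the
 * readahead that a peek may return. Added for illustration; not GLib's type. */
typedef struct {
    const unsigned char *buffer;
    size_t pos;
    size_t end;
} peek_model_t;

/* Length that the vulnerable arithmetic would hand to memcpy():
 *     end   = MIN(offset + count, available);
 *     count = end - offset;
 * If count is close to SIZE_MAX, offset + count wraps to a small value, so
 * end < offset and end - offset wraps to a huge count. Only the length is
 * computed here; nothing is copied, so the function is safe to call. */
size_t vulnerable_peek_length(const peek_model_t *s, size_t offset, size_t count)
{
    size_t available = s->end - s->pos;
    if (offset > available)
        return 0;
    size_t end = offset + count;      /* wraps when count > SIZE_MAX - offset */
    if (end > available)
        end = available;
    return end - offset;              /* wraps when end < offset */
}

/* Hardened peek: bound count by the bytes that really are buffered past
 * offset. The subtraction cannot wrap because offset <= available, and no
 * offset + count sum is ever formed. Returns the number of bytes copied. */
size_t hardened_peek(const peek_model_t *s, void *out, size_t offset, size_t count)
{
    size_t available = s->end - s->pos;
    if (offset > available)
        return 0;
    if (count > available - offset)
        count = available - offset;
    memcpy(out, s->buffer + s->pos + offset, count);
    return count;
}

/* Constructed sample: 16 readahead bytes, all unread (pos = 0, end = 16). */
static const unsigned char sample_data[] = "0123456789abcdef";

peek_model_t make_sample_model(void)
{
    peek_model_t m = { sample_data, 0, 16 };
    return m;
}

int main(void)
{
    peek_model_t m = make_sample_model();
    unsigned char out[16];

    /* Benign call: both versions agree on 4 bytes. */
    printf("peek(4, 4): vulnerable length %zu, hardened copied %zu\n",
           vulnerable_peek_length(&m, 4, 4), hardened_peek(&m, out, 4, 4));

    /* Crafted call: offset 8 with count SIZE_MAX wraps offset + count to 7,
     * so the vulnerable length becomes 7 - 8, i.e. SIZE_MAX. */
    size_t bad = vulnerable_peek_length(&m, 8, SIZE_MAX);
    printf("peek(8, SIZE_MAX): vulnerable would memcpy %zu bytes (only 16 buffered)\n", bad);
    printf("peek(8, SIZE_MAX): hardened copied %zu bytes\n",
           hardened_peek(&m, out, 8, SIZE_MAX));
    return 0;
}
```

The trigger needs offset to be at least 1 (with offset 0 the sum cannot wrap) and count larger than SIZE_MAX minus offset, which is why the advisory describes the preconditions as strict: the caller of the peek has to pass attacker-influenced values of that shape. The hardened form is the general fix for this pattern, clamping against `available - offset` instead of comparing a sum that may have wrapped.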
How can this vulnerability impact me?
The affected application can crash because of the buffer overflow that the integer overflow triggers. The result is a denial of service (DoS) affecting availability only. Exploitation requires strict preconditions, and the severity is rated low. [1]
What immediate steps should I take to mitigate this vulnerability?
Update GLib to a version in which g_buffered_input_stream_peek() validates the offset and count parameters so that their sum cannot overflow, and apply the corresponding patches from your Linux distribution or from the GLib maintainers. Because exploitation requires strict preconditions and the impact is limited to denial of service, applying the update is the recommended immediate step; no configuration workaround is described. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability affects system availability only, by crashing the application. Nothing in the available information indicates an impact on the confidentiality or integrity of data, so its effect on compliance with data-protection and privacy standards such as GDPR or HIPAA cannot be determined from the advisory. [1]