CVE-2026-0988
Buffer Overflow in glib g_buffered_input_stream_peek() Causes DoS

Publication date: 2026-01-21

Last updated on: 2026-04-24

Assigner: Red Hat, Inc.

Description
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).
Meta Information
Published: 2026-01-21
Last Modified: 2026-04-24
Generated: 2026-06-16
AI Q&A: 2026-01-21
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: gnome
Product: glib
Version / Range: to 2.68.0 (exc)
CWE ID: CWE-190
Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Executive Summary

This vulnerability is an integer overflow in the GLib library's g_buffered_input_stream_peek() function. It occurs because the function does not properly validate the offset and count parameters. When specially crafted values are used, their sum can overflow during length calculation, causing an incorrect size to be passed to memcpy(). This leads to a buffer overflow, which can crash the application and cause a denial of service. [1]
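
The length arithmetic described above, as an added C example (not GLib's source; the struct, function names and sample buffer are hypothetical and constructed here). The unchecked form only returns the length that would reach memcpy(), without copying; the checked form validates offset first and then clamps count, so caller-controlled values are never added together.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a buffered stream's internal state. */
struct peek_buf {
    const unsigned char *data;
    size_t avail;                 /* bytes currently buffered */
};

/* Unchecked form: offset + count is computed in size_t and may wrap.
 * Returns the length that would be handed to memcpy(); no copy is done. */
size_t naive_peek_len(const struct peek_buf *b, size_t offset, size_t count)
{
    size_t end = offset + count;  /* wraps modulo SIZE_MAX + 1 */
    if (end > b->avail)
        end = b->avail;
    return end - offset;          /* wraps again when offset > end */
}

/* Checked form: reject an out-of-range offset, then clamp count to the
 * bytes remaining after it. Returns the number of bytes copied. */
size_t safe_peek(const struct peek_buf *b, void *dst, size_t offset, size_t count)
{
    if (offset > b->avail)
        return 0;
    size_t remaining = b->avail - offset;
    if (count > remaining)
        count = remaining;
    if (count > 0)
        memcpy(dst, b->data + offset, count);
    return count;
}

int main(void)
{
    static const unsigned char sample[16] = "0123456789abcdef"; /* constructed */
    struct peek_buf b = { sample, sizeof sample };
    unsigned char dst[16];
    size_t off = 32, cnt = SIZE_MAX - 15;   /* off + cnt wraps to 16 */

    printf("naive length: %zu\n", naive_peek_len(&b, off, cnt));
    printf("safe copied:  %zu\n", safe_peek(&b, dst, off, cnt));
    return 0;
}
```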

Impact Analysis

The vulnerability can cause the affected application to crash due to a buffer overflow triggered by the integer overflow. This results in a denial of service (DoS), impacting system availability. Exploitation requires strict preconditions, and the severity is considered low. [1]

Mitigation Strategies

To mitigate this vulnerability, update the GLib library to a version where the g_buffered_input_stream_peek() function properly validates the offset and count parameters to prevent integer overflow. Avoid using vulnerable versions of GLib and apply any patches provided by your Linux distribution or GLib maintainers. Since exploitation requires strict preconditions and the impact is denial of service, prioritizing updates and patches is the recommended immediate step. [1]

Compliance Impact

The vulnerability primarily impacts system availability by causing a denial of service through application crashes. There is no information indicating that it affects confidentiality or integrity of data, so its impact on compliance with standards like GDPR or HIPAA, which focus on data protection and privacy, is not specified. [1]
