CVE-2026-0988
Codean Labs found that missing validation of offset and count parameters in the
g_buffered_input_stream_peek() function can lead to an integer overflow
during length calculation. When specially crafted values are provided, this
overflow results in an incorrect size being passed to memcpy(), triggering
a buffer overflow. This can cause application crashes, leading to a Denial
of Service (DoS).
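An added example, not GLib's source and not part of the advisory: a simplified C model of an offset/count length calculation that wraps, beside a version that validates both parameters before memcpy(). The struct bufstream type and both function names are hypothetical, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a buffered stream: valid bytes are data[pos..end). */
struct bufstream { const unsigned char *data; size_t pos, end; };

/* Unchecked length calculation of the kind described above: offset + count
 * can wrap past SIZE_MAX, the clamp then keeps the wrapped value, and the
 * subtraction underflows. Only the length is computed; nothing is copied. */
static size_t peek_len_unchecked(const struct bufstream *s, size_t offset, size_t count)
{
    size_t available = s->end - s->pos;
    size_t stop = offset + count;              /* may wrap */
    if (stop > available)
        stop = available;
    return stop - offset;                      /* may underflow */
}

/* Checked version: validate offset first, then clamp count against the bytes
 * remaining after offset, never adding offset and count together. */
static size_t peek_checked(const struct bufstream *s, void *dst, size_t offset, size_t count)
{
    if (s->end < s->pos)
        return 0;
    size_t available = s->end - s->pos;
    if (offset > available)
        return 0;
    size_t n = available - offset;
    if (count < n)
        n = count;
    if (n)
        memcpy(dst, s->data + s->pos + offset, n);
    return n;
}

int main(void)
{
    unsigned char src[16] = {0}, dst[16];      /* constructed sample data */
    struct bufstream s = { src, 4, 16 };       /* 12 bytes available */
    printf("unchecked length: %zu\n", peek_len_unchecked(&s, 2, SIZE_MAX));
    printf("checked length:   %zu\n", peek_checked(&s, dst, 2, SIZE_MAX));
    return 0;
}
```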
CVE-2026-1484
treeplus, with additional thanks to the Sovereign Tech Resilience program of
the Sovereign Tech Agency, found a flaw in the GLib Base64 encoding routine
when processing very large input data. Due to incorrect use of integer types
during length calculation, the library may miscalculate buffer boundaries.
This can cause memory writes outside the allocated buffer. Applications
that process untrusted or extremely large Base64 input using GLib may crash
or behave unpredictably.
CVE-2026-1485