Skip to main content

Glib CVE-2018-16429

HIGH
Out-of-bounds Read (CWE-125)
2018-09-04 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 04, 2018 - 00:29 nvd
HIGH 7.5

DescriptionNVD

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

AnalysisAI

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). Affected products include: Gnome Glib, Canonical Ubuntu Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Glib

View all
CVE-2024-52533 CRITICAL POC
9.8 Nov 11

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CON

CVE-2018-16428 CRITICAL POC
9.8 Sep 04

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. Rated critical sev

CVE-2020-35457 HIGH POC
7.8 Dec 14

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entri

CVE-2025-13601 HIGH POC
7.7 Nov 26

Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and

CVE-2021-27219 HIGH POC
7.5 Feb 15

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulne

CVE-2020-6750 MEDIUM POC
5.9 Jan 09

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting v

CVE-2025-14087 CRITICAL
9.8 Dec 10

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVarian

CVE-2019-12450 CRITICAL
9.8 May 29

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while

CVE-2021-28153 MEDIUM POC
5.3 Mar 11

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely ex

CVE-2024-34397 MEDIUM POC
5.2 May 07

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.

CVE-2026-58016 CRITICAL
9.1 Jun 30

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-B

CVE-2026-58014 HIGH
8.6 Jun 30

Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key

Share

CVE-2018-16429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy