Skip to main content

Glib CVE-2020-35457

HIGH
Integer Overflow or Wraparound (CWE-190)
2020-12-14 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 14, 2020 - 23:15 nvd
HIGH 7.8

DescriptionNVD

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented

AnalysisAI

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented Affected products include: Gnome Glib. Version information: before 2.65.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Glib

View all
CVE-2024-52533 CRITICAL POC
9.8 Nov 11

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CON

CVE-2018-16428 CRITICAL POC
9.8 Sep 04

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. Rated critical sev

CVE-2025-13601 HIGH POC
7.7 Nov 26

Heap-based buffer overflow in GLib's g_escape_uri_string() function allows local attackers to achieve high-integrity and

CVE-2021-27219 HIGH POC
7.5 Feb 15

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulne

CVE-2018-16429 HIGH POC
7.5 Sep 04

GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf

CVE-2020-6750 MEDIUM POC
5.9 Jan 09

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting v

CVE-2025-14087 CRITICAL
9.8 Dec 10

Heap corruption in GLib (GNOME's core C utility library) lets remote attackers trigger a buffer-underflow in the GVarian

CVE-2019-12450 CRITICAL
9.8 May 29

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while

CVE-2021-28153 MEDIUM POC
5.3 Mar 11

An issue was discovered in GNOME GLib before 2.66.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely ex

CVE-2024-34397 MEDIUM POC
5.2 May 07

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.

CVE-2026-58016 CRITICAL
9.1 Jun 30

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-B

CVE-2026-58014 HIGH
8.6 Jun 30

Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key

Share

CVE-2020-35457 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy