CVE Catalog

CVE-2026-58010

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

An off-by-one error was found in GLib in the gvs_tuple_is_normal function within glib/gvariant-serialiser.c. The bounds check uses > instead of >=, causing an out-of-bounds read of one byte during alignment padding checks. This flaw can lead to minor information disclosure of one byte and denial of service if the read crosses a page boundary.

Risk Assessment

The organization faces a risk of leaking a single byte of sensitive data and potential denial of service in applications using GLib, especially when the out-of-bounds read crosses a memory page boundary, causing crashes.

Recommendation

Immediately update GLib to a patched version that fixes the off-by-one error. Monitor your operating system distribution's security advisories for the official patch.

Original NVD description (English source)

A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS