CVE-2026-58010
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
An off-by-one error was found in GLib in the gvs_tuple_is_normal function within glib/gvariant-serialiser.c. The bounds check uses > instead of >=, causing an out-of-bounds read of one byte during alignment padding checks. This flaw can lead to minor information disclosure of one byte and denial of service if the read crosses a page boundary.
Risk Assessment
The organization faces a risk of leaking a single byte of sensitive data and potential denial of service in applications using GLib, especially when the out-of-bounds read crosses a memory page boundary, causing crashes.
Recommendation
Immediately update GLib to a patched version that fixes the off-by-one error. Monitor your operating system distribution's security advisories for the official patch.
Original NVD description (English source)
A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.

