CVE Catalog

CVE-2026-58013

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

A flaw was found in GLib where a buffer over-read occurs in g_io_channel_read_line_backend() in giochannel.c when a custom line terminator longer than one byte is set, causing memcmp to read past the GString buffer. This vulnerability can lead to minor information disclosure of 7 bytes or denial of service if the over-read crosses a page boundary.

Risk Assessment

The organization may face a minor information leak of 7 bytes from memory or denial of service in services using GLib, potentially affecting the stability of critical systems.

Recommendation

Update GLib to the latest patched version. If updating is not possible, avoid using custom line terminators longer than one byte in applications relying on GLib.

Original NVD description (English source)

A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS