A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is…
redhat·CWE-124·Published 2026-01-27
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Se encontró una falla en la lógica de análisis de tipos de contenido de Glib. Esta vulnerabilidad de desbordamiento negativo de búfer ocurre porque la longitud de una línea de encabezado se almacena en un entero con signo, lo que puede llevar a un desbordamiento de entero para entradas muy grandes. Esto resulta en un desbordamiento negativo de puntero y acceso a memoria fuera de límites. La explotación requiere que un usuario local instale o procese un archivo treemagic especialmente diseñado, lo que puede llevar a una denegación de servicio local o inestabilidad de la aplicación.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 2.8 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
| 3.1 | Primary | cve.org | 2.8 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
| 3.1 | Secondary | NVD | 2.8 | 1.3 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |