Bug#1125752: glib2.0: CVE-2026-0988: Integer overflow in g_buffered_input_stream_peek() leads to segmentation fault
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 17 13:00:49 GMT 2026
Hi Simon,
On Sat, Jan 17, 2026 at 11:28:43AM +0000, Simon McVittie wrote:
> Control: severity -1 normal
>
> On Fri, 16 Jan 2026 at 23:47:08 +0100, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for glib2.0.
> >
> > CVE-2026-0988[0]:
> > | Integer overflow in g_buffered_input_stream_peek() leads to
> > | segmentation fault
>
> This is probably only a theoretical issue, unless someone has evidence of
> software that calls this function with an attacker-chosen offset that can
> approach the total size of the address space.
Ack sure, main purpose of the bug filing was to make the tracking.
Severity downgrade seems fine indeed.
Regards,
Salvatore