Integer Overflow Vulnerability in GLib Affects GNOME Products
CVE-2021-27219

7.5HIGH

Key Information:

Vendor

Gnome
Status
Glib
Vendor
CVE Published:
15 February 2021

What is CVE-2021-27219?

An integer overflow vulnerability exists in the GLib library prior to version 2.66.6 and in the series 2.67.x before 2.67.3. This issue arises from an implicit cast from 64-bit integers to 32-bit during the execution of the g_bytes_new function, which may lead to memory corruption. Exploiting this vulnerability could result in unexpected behavior, including potential denial of service or code execution on affected systems.

References

https://gitlab.gnome.org/GNOME/glib/-/issues/2319
x_refsource_MISC
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4...
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.