Heap Overflow Vulnerability in XDGMIME Affecting Applications on Little-Endian Systems
CVE-2026-16118
7.1HIGH
What is CVE-2026-16118?
A vulnerability exists in XDGMIME that allows a heap-based buffer overflow in the function _xdg_mime_magic_parse_magic_line() within xdgmimemagic.c. This issue occurs when an attacker places a specially crafted MIME magic file in a user-writable XDG data location, such as the $XDG_DATA_HOME/mime/magic path. Applications that rely on proper MIME type detection, for instance via g_content_type_guess(), are susceptible to this flaw. The improper pointer arithmetic during byte-swapping operations can trigger an out-of-bounds write of 2 bytes, potentially leading to application crashes or memory corruption, thus compromising system stability.
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank asotyc for reporting this issue.