Off-by-One Error in GLib Affects Key File Processing
CVE-2026-58014
7.3 HIGH
Key Information:
- Vendor: Gnome
- CVE Published: 30 June 2026
What is CVE-2026-58014?
A flaw exists in GLib, in the g_key_file_get_locale_string_list function in gkeyfile.c. When processing key files that contain empty values, the function can hit an off-by-one error that results in out-of-bounds memory access. This presents a risk of denial of service, especially when the access crosses a page boundary. Proper handling and validation of key file inputs are essential to mitigate these risks effectively.
Affected Version(s)
GLib 0 < 2.88.1
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank linhlhq for reporting this issue.