{"id":"MGASA-2026-0023","summary":"Updated glib2.0 packages fix security vulnerabilities","details":"Glib prior to 2.82.5 is vulnerable to integer overflow and buffer\nunder-read when parsing a very long invalid iso 8601 timestamp with\ng_date_time_new_from_iso8601(). (CVE-2025-3360)\nBuffer under-read on glib through glib/gfileutils.c via get_tmp_file().\n(CVE-2025-7039)\nInteger overflow in g_escape_uri_string(). (CVE-2025-13601)\nBuffer underflow in gvariant parser leads to heap corruption.\n(CVE-2025-14087)\nInteger overflow in glib gio attribute escaping causes heap buffer\noverflow. (CVE-2025-14512)\nDenial of service via integer overflow in\ng_buffered_input_stream_peek(). (CVE-2026-0988)\n","modified":"2026-04-16T00:11:52.527309454Z","published":"2026-01-28T22:42:14Z","upstream":["CVE-2025-13601","CVE-2025-14087","CVE-2025-14512","CVE-2025-3360","CVE-2025-7039","CVE-2026-0988"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0023.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35052"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7971-1"}],"affected":[{"package":{"name":"glib2.0","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/glib2.0?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.76.3-1.6.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0023.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}