Description
A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.
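The effect of `>` versus `>=` in a padding check of this kind can be seen in the following added example. It is a simplified model written for this page, not GLib's source code; the names `padding_ok` and `run_case`, the `mask` parameter and the 8-byte sample buffer are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of an alignment padding check (not GLib's source).
 * Walks from `offset` to the next aligned position and requires every
 * padding byte to be zero. `mask` is alignment - 1, e.g. 3 for 4 bytes.
 * `reads_past_end` is set when an index >= size is dereferenced. */
static bool padding_ok(const unsigned char *data, size_t size, size_t offset,
                       size_t mask, bool fixed, bool *reads_past_end)
{
    *reads_past_end = false;
    while (offset & mask) {
        /* Flawed form: `>` lets offset == size through to the read.
         * Corrected form: `>=` rejects it before the read. */
        bool out_of_range = fixed ? (offset >= size) : (offset > size);
        if (out_of_range)
            return false;
        if (offset >= size)
            *reads_past_end = true;   /* the 1-byte over-read */
        if (data[offset] != 0)
            return false;
        offset++;
    }
    return true;
}

/* Constructed input: 7 logical bytes inside an 8-byte backing array, so
 * index 7 is readable in this demo but lies outside the serialised value. */
static bool run_case(unsigned char neighbour, bool fixed, bool *past_end)
{
    unsigned char backing[8] = {1, 2, 3, 4, 5, 6, 7, 0};
    backing[7] = neighbour;
    return padding_ok(backing, 7, 7, 3, fixed, past_end);
}

int main(void)
{
    bool past;
    bool ok = run_case(0x00, false, &past);
    printf("flawed, neighbour 0x00: ok=%d over-read=%d\n", ok, past);
    ok = run_case(0x41, false, &past);
    printf("flawed, neighbour 0x41: ok=%d over-read=%d\n", ok, past);
    ok = run_case(0x41, true, &past);
    printf("fixed,  neighbour 0x41: ok=%d over-read=%d\n", ok, past);
    return 0;
}
```

With the flawed comparison the result depends on the byte just past the end of the value, which is the 1-byte disclosure; with the corrected comparison the input is rejected before any read.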
Severity (CVSS)
| Metric | Value |
|---|---|
| Base score | 6.5 |
| Severity | Medium |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
| Provided by | CNA |
Weaknesses
- CWE-126 — Buffer Over-read
Affected products
| Vendor | Product | Versions |
|---|---|---|
| GNOME | GLib | 0 to <2.86.5; 0 to <2.88.1 |
| Red Hat | Red Hat Enterprise Linux 10 | — |
| Red Hat | Red Hat Enterprise Linux 6 | — |
| Red Hat | Red Hat Enterprise Linux 7 | — |
| Red Hat | Red Hat Enterprise Linux 8 | — |
| Red Hat | Red Hat Enterprise Linux 9 | — |
| Red Hat | Red Hat Hardened Images | — |
References
- https://access.redhat.com/security/cve/CVE-2026-58010 (vdb-entry x_refsource_REDHAT)
- https://bugzilla.redhat.com/show_bug.cgi?id=2492243 (issue-tracking x_refsource_REDHAT)
- https://gitlab.gnome.org/GNOME/glib/-/issues/3915
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.