Glib: glib: local denial of service via buffer underflow in content type parsing
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Affected products
Matching in nixpkgs
pkgs.bootc
Boot and upgrade via container images
pkgs.loupe
Simple image viewer application written with GTK4 and Rust
pkgs.papers
GNOME's document viewer
pkgs.qbootctl
Qualcomm bootctl HAL for Linux
pkgs.rpm-ostree
Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
pkgs.podman-bootc
Streamlining podman+bootc interactions
pkgs.mlxbf-bootctl
Control BlueField boot partitions
-
nixos-unstable 2025-01-16
- nixpkgs-unstable 2025-01-16
- nixos-unstable-small 2025-01-16
pkgs.glycin-loaders
Glycin loaders for several formats
pkgs.pop-wallpapers
Wallpapers for Pop!_OS
-
nixos-unstable 1.0.5-unstable-2025-06-24
- nixpkgs-unstable 1.0.5-unstable-2025-06-24
- nixos-unstable-small 1.0.5-unstable-2025-06-24
-
nixos-25.05 1.0.5-unstable-2025-06-24
- nixos-25.05-small 1.0.5-unstable-2025-06-24
- nixpkgs-25.05-darwin 1.0.5-unstable-2025-06-24
pkgs.cosmic-wallpapers
Wallpapers for the COSMIC Desktop Environment
-
nixos-unstable 1.0.0-beta.7
- nixpkgs-unstable 1.0.0-beta.7
- nixos-unstable-small 1.0.0-beta.7
-
nixos-25.05 1.0.0-alpha.7
- nixos-25.05-small 1.0.0-alpha.7
- nixpkgs-25.05-darwin 1.0.0-alpha.7
pkgs.pop-hp-wallpapers
Wallpapers for High-Performance System76 products
-
nixos-unstable 0-unstable-2025-10-28
- nixpkgs-unstable 0-unstable-2025-10-28
- nixos-unstable-small 0-unstable-2025-10-28
-
nixos-25.05 0-unstable-2022-04-01
- nixos-25.05-small 0-unstable-2022-04-01
- nixpkgs-25.05-darwin 0-unstable-2022-04-01
pkgs.systemd-bootchart
Boot performance graphing tool from systemd
pkgs.rubyPackages.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
-
nixos-25.05 glib2-4.2.9
- nixos-25.05-small glib2-4.2.9
- nixpkgs-25.05-darwin glib2-4.2.9
pkgs.system76-wallpapers
Wallpapers for System76 products
-
nixos-unstable 0-unstable-2024-04-26
- nixpkgs-unstable 0-unstable-2024-04-26
- nixos-unstable-small 0-unstable-2024-04-26
-
nixos-25.05 0-unstable-2024-04-26
- nixos-25.05-small 0-unstable-2024-04-26
- nixpkgs-25.05-darwin 0-unstable-2024-04-26
pkgs.rubyPackages_3_1.glib2
None
-
nixos-25.05 glib2-4.2.9
- nixos-25.05-small glib2-4.2.9
- nixpkgs-25.05-darwin glib2-4.2.9
pkgs.rubyPackages_3_2.glib2
None
-
nixos-25.05 glib2-4.2.9
- nixos-25.05-small glib2-4.2.9
- nixpkgs-25.05-darwin glib2-4.2.9
pkgs.rubyPackages_3_3.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
-
nixos-25.05 glib2-4.2.9
- nixos-25.05-small glib2-4.2.9
- nixpkgs-25.05-darwin glib2-4.2.9
pkgs.rubyPackages_3_4.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
-
nixos-25.05 glib2-4.2.9
- nixos-25.05-small glib2-4.2.9
- nixpkgs-25.05-darwin glib2-4.2.9
pkgs.rubyPackages_3_5.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
pkgs.deepin.deepin-wallpapers
deepin-wallpapers provides wallpapers of dde
pkgs.lomiri.lomiri-wallpapers
Wallpapers for the Lomiri Operating Environment, gathered from people of the Ubuntu Touch / UBports community
pkgs.perlPackages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.gnomeExtensions.2-wallpapers
Changes the wallpaper based on whether there are open windows or not.
-
nixos-unstable 2-wallpapers-6
- nixpkgs-unstable 2-wallpapers-6
- nixos-unstable-small 2-wallpapers-6
pkgs.perl538Packages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.perl540Packages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.pantheon.elementary-wallpapers
Collection of wallpapers for elementary
pkgs.libsForQt5.plasma-workspace-wallpapers
None
pkgs.kdePackages.plasma-workspace-wallpapers
Wallpapers for Plasma Workspaces
Package maintainers
-
@Thesola10 Karim Vergnes <me@thesola.io>
-
@michaelBelsanti Mike Belsanti <mbels03@protonmail.com>
-
@thefossguy Pratham Patel <prathampatel@thefossguy.com>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@HeitorAugustoLN Heitor Augusto <nixpkgs.woven713@passmail.net>
-
@drakon64 Evelyn Chance <nixpkgs@drakon.cloud>
-
@a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>
-
@nyabinary Niko Cantero <nyanbinary@keemail.me>
-
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
-
@ahoneybun Aaron Honeycutt <aaronhoneycutt@proton.me>
-
@wineee Lu Hongxu <lhongxu@outlook.com>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
-
@K900 Ilya K. <me@0upti.me>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>
-
@nikstur nikstur <nikstur@outlook.com>
-
@davidak David Kleuker <post@davidak.de>
-
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
-
@evan-goode Evan Goode <mail@evangoo.de>
-
@normalcea normalcea <normalc@posteo.net>
-
@honnip Jung seungwoo <me@honnip.page>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>