Nixpkgs security tracker
2.8 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Glib: glib: local denial of service via buffer underflow in content type parsing
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
References
Affected products
Matching in nixpkgs
pkgs.bootc
Boot and upgrade via container images
pkgs.loupe
Simple image viewer application written with GTK4 and Rust
pkgs.papers
GNOME's document viewer
pkgs.qbootctl
Qualcomm bootctl HAL for Linux
pkgs.rpm-ostree
Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
pkgs.podman-bootc
Streamlining podman+bootc interactions
pkgs.mlxbf-bootctl
Control BlueField boot partitions
-
nixos-unstable 2025-01-16
- nixpkgs-unstable 2025-01-16
- nixos-unstable-small 2025-01-16
pkgs.glycin-loaders
Glycin loaders for several formats
pkgs.pop-wallpapers
Wallpapers for Pop!_OS
-
nixos-unstable 1.0.5-unstable-2025-06-24
- nixpkgs-unstable 1.0.5-unstable-2025-06-24
- nixos-unstable-small 1.0.5-unstable-2025-06-24
pkgs.cosmic-wallpapers
Wallpapers for the COSMIC Desktop Environment
-
nixos-unstable 1.0.0-beta.7
- nixpkgs-unstable 1.0.0-beta.7
- nixos-unstable-small 1.0.0-beta.7
pkgs.pop-hp-wallpapers
Wallpapers for High-Performance System76 products
-
nixos-unstable 0-unstable-2025-10-28
- nixpkgs-unstable 0-unstable-2025-10-28
- nixos-unstable-small 0-unstable-2025-10-28
pkgs.systemd-bootchart
Boot performance graphing tool from systemd
pkgs.rubyPackages.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
pkgs.system76-wallpapers
Wallpapers for System76 products
-
nixos-unstable 0-unstable-2024-04-26
- nixpkgs-unstable 0-unstable-2024-04-26
- nixos-unstable-small 0-unstable-2024-04-26
pkgs.rubyPackages_3_1.glib2
None
pkgs.rubyPackages_3_2.glib2
None
pkgs.rubyPackages_3_3.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
pkgs.rubyPackages_3_4.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
pkgs.rubyPackages_3_5.glib2
None
-
nixos-unstable glib2-4.3.3
- nixpkgs-unstable glib2-4.3.3
- nixos-unstable-small glib2-4.3.3
pkgs.deepin.deepin-wallpapers
deepin-wallpapers provides wallpapers of dde
pkgs.lomiri.lomiri-wallpapers
Wallpapers for the Lomiri Operating Environment, gathered from people of the Ubuntu Touch / UBports community
pkgs.perlPackages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.gnomeExtensions.2-wallpapers
Changes the wallpaper based on whether there are open windows or not.
-
nixos-unstable 2-wallpapers-6
- nixpkgs-unstable 2-wallpapers-6
- nixos-unstable-small 2-wallpapers-6
pkgs.perl538Packages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.perl540Packages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.pantheon.elementary-wallpapers
Collection of wallpapers for elementary
pkgs.libsForQt5.plasma-workspace-wallpapers
None
pkgs.kdePackages.plasma-workspace-wallpapers
Wallpapers for Plasma Workspaces
Package maintainers
-
@Thesola10 Karim Vergnes <me@thesola.io>
-
@michaelBelsanti Mike Belsanti <mbels03@protonmail.com>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@HeitorAugustoLN Heitor Augusto <nixpkgs.woven713@passmail.net>
-
@a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>
-
@thefossguy Pratham Patel <prathampatel@thefossguy.com>
-
@nyabinary Niko Cantero <nyanbinary@keemail.me>
-
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
-
@ahoneybun Aaron Honeycutt <aaronhoneycutt@proton.me>
-
@drakon64 Evelyn Chance <nixpkgs@drakon.cloud>
-
@wineee Lu Hongxu <lhongxu@outlook.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
-
@K900 Ilya K. <me@0upti.me>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>
-
@nikstur nikstur <nikstur@outlook.com>
-
@davidak David Kleuker <post@davidak.de>
-
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
-
@evan-goode Evan Goode <mail@evangoo.de>
-
@normalcea normalcea <normalc@posteo.net>
-
@honnip Jung seungwoo <me@honnip.page>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>
-
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>