Back to CVE Browser

CVE-2018-16428

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0250%

EPSS Percentile30.60th

PublishedSep 4, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

Affected Platforms (CPE)

📦

Gnome

Glib

= 2.56.1

💻

Canonical

Ubuntu Linux

= 12.04

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 18.04

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/02/14/3

🔗 http://www.securityfocus.com/bid/105210

🔗 https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9

🔗 https://gitlab.gnome.org/GNOME/glib/issues/1364

🔗 https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html

🔗 https://usn.ubuntu.com/3767-1/

🔗 https://usn.ubuntu.com/3767-2/

🔗 http://www.openwall.com/lists/oss-security/2020/02/14/3

Related Vulnerabilities

CVE-2019-124509.8

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy ope...

CVE-2020-354577.8

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: ...

CVE-2021-408277.8

Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move,...

CVE-2009-32897.8

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo...