Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

整数溢出或超界折返

glib 输入验证错误漏洞

glib是GNOME项目的一个通用的、可移植的实用程序库。提供了许多有用的数据类型、宏、类型转换、字符串实用程序、文件实用程序、主循环抽象等。 glib存在输入验证错误漏洞，该漏洞源于g_buffered_input_stream_peek函数未验证偏移和计数参数，可能导致整数溢出和缓冲区溢出，造成应用程序崩溃和拒绝服务。

N/A

N/A