{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Moderate" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "An update for Red Hat Hardened Images RPMs is now available.", "title" : "Topic" }, { "category" : "general", "text" : "This update includes the following RPMs:\n\nglib2:\n * glib2-2.88.0-1.1.hum1 (aarch64, x86_64)\n * glib2-devel-2.88.0-1.1.hum1 (aarch64, x86_64)\n * glib2-doc-2.88.0-1.1.hum1 (aarch64, x86_64)\n * glib2-static-2.88.0-1.1.hum1 (aarch64, x86_64)\n * glib2-tests-2.88.0-1.1.hum1 (aarch64, x86_64)\n * glib2-2.88.0-1.1.hum1.src (src)", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:7461", "url" : "https://access.redhat.com/errata/RHSA-2026:7461" }, { "category" : "external", "summary" : "https://images.redhat.com/", "url" : "https://images.redhat.com/" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2025-13601", "url" : "https://access.redhat.com/security/cve/CVE-2025-13601" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/", "url" : "https://access.redhat.com/security/updates/classification/" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2025-14512", "url" : "https://access.redhat.com/security/cve/CVE-2025-14512" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2025-14087", "url" : "https://access.redhat.com/security/cve/CVE-2025-14087" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2025-7039", "url" : "https://access.redhat.com/security/cve/CVE-2025-7039" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-0988", "url" : "https://access.redhat.com/security/cve/CVE-2026-0988" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7461.json" } ], "title" : "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update", "tracking" : { "current_release_date" : "2026-04-24T20:38:21+00:00", "generator" : { "date" : "2026-04-24T20:38:21+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "4.7.5" } }, "id" : "RHSA-2026:7461", "initial_release_date" : "2026-04-10T19:54:09+00:00", "revision_history" : [ { "date" : "2026-04-10T19:54:09+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-04-24T20:36:05+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-04-24T20:38:21+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Hardened Images", "product" : { "name" : "Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:hummingbird:1" } } } ], "category" : "product_family", "name" : "Red Hat Hardened Images" }, { "branches" : [ { "category" : "product_version", "name" : "glib2-main@aarch64", "product" : { "name" : "glib2-main@aarch64", "product_id" : "glib2-main@aarch64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/glib2@2.88.0-1.1.hum1?arch=aarch64&distro=hummingbird-20251124&repository_id=public-hummingbird-aarch64-rpms" } } } ], "category" : "architecture", "name" : "aarch64" }, { "branches" : [ { "category" : "product_version", "name" : "glib2-main@src", "product" : { "name" : "glib2-main@src", "product_id" : "glib2-main@src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/glib2@2.88.0-1.1.hum1?arch=src&distro=hummingbird-20251124&repository_id=public-hummingbird-source-rpms" } } } ], "category" : "architecture", "name" : "src" }, { "branches" : [ { "category" : "product_version", "name" : "glib2-main@x86_64", "product" : { "name" : "glib2-main@x86_64", "product_id" : "glib2-main@x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/glib2@2.88.0-1.1.hum1?arch=x86_64&distro=hummingbird-20251124&repository_id=public-hummingbird-x86_64-rpms" } } } ], "category" : "architecture", "name" : "x86_64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "glib2-main@aarch64 as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:glib2-main@aarch64" }, "product_reference" : "glib2-main@aarch64", "relates_to_product_reference" : "Red Hat Hardened Images" }, { "category" : "default_component_of", "full_product_name" : { "name" : "glib2-main@src as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:glib2-main@src" }, "product_reference" : "glib2-main@src", "relates_to_product_reference" : "Red Hat Hardened Images" }, { "category" : "default_component_of", "full_product_name" : { "name" : "glib2-main@x86_64 as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:glib2-main@x86_64" }, "product_reference" : "glib2-main@x86_64", "relates_to_product_reference" : "Red Hat Hardened Images" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-7039", "cwe" : { "id" : "CWE-190", "name" : "Integer Overflow or Wraparound" }, "discovery_date" : "2025-09-01T16:22:58.461000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2392423" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()", "title" : "Vulnerability summary" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2025-7039" }, { "category" : "external", "summary" : "RHBZ#2392423", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2025-7039", "url" : "https://www.cve.org/CVERecord?id=CVE-2025-7039" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2025-7039" }, { "category" : "external", "summary" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3716", "url" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3716" } ], "release_date" : "2025-07-02T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-10T19:54:09+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7461" }, { "category" : "workaround", "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 3.7, "baseSeverity" : "LOW", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Low" } ], "title" : "glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file()" }, { "cve" : "CVE-2025-13601", "cwe" : { "id" : "CWE-190", "name" : "Integer Overflow or Wraparound" }, "discovery_date" : "2025-11-24T12:49:28.274000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2416741" } ], "notes" : [ { "category" : "description", "text" : "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "glib: Integer overflow in in g_escape_uri_string()", "title" : "Vulnerability summary" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2025-13601" }, { "category" : "external", "summary" : "RHBZ#2416741", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2416741" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2025-13601", "url" : "https://www.cve.org/CVERecord?id=CVE-2025-13601" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2025-13601" }, { "category" : "external", "summary" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", "url" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3827" }, { "category" : "external", "summary" : "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914", "url" : "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" } ], "release_date" : "2025-11-24T13:00:15.295000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-10T19:54:09+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7461" }, { "category" : "workaround", "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "LOCAL", "availabilityImpact" : "HIGH", "baseScore" : 7.7, "baseSeverity" : "HIGH", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "glib: Integer overflow in in g_escape_uri_string()" }, { "acknowledgments" : [ { "names" : [ "Sovereign Tech Resilience program" ], "organization" : "Sovereign Tech Agency" }, { "names" : [ "treeplus" ] } ], "cve" : "CVE-2025-14087", "cwe" : { "id" : "CWE-190", "name" : "Integer Overflow or Wraparound" }, "discovery_date" : "2025-12-05T08:35:24.744000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2419093" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "The highest threat is to system availability due to potential application crashes when processing maliciously crafted input strings through GLib's GVariant parser. This issue affects applications that utilize g_variant_parse() on untrusted data, leading to memory corruption and possible denial of service.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2025-14087" }, { "category" : "external", "summary" : "RHBZ#2419093", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419093" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2025-14087", "url" : "https://www.cve.org/CVERecord?id=CVE-2025-14087" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2025-14087", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2025-14087" }, { "category" : "external", "summary" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3834", "url" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3834" } ], "release_date" : "2025-12-05T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-10T19:54:09+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7461" }, { "category" : "workaround", "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "LOW", "baseScore" : 5.6, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "glib: GLib: Buffer underflow in GVariant parser leads to heap corruption" }, { "acknowledgments" : [ { "names" : [ "Codean Labs" ] } ], "cve" : "CVE-2025-14512", "cwe" : { "id" : "CWE-190", "name" : "Integer Overflow or Wraparound" }, "discovery_date" : "2025-12-11T06:22:59.701000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2421339" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This vulnerability is rated Moderate for Red Hat products because an integer overflow in GLib's GIO `escape_byte_string()` function can lead to a heap buffer overflow and denial-of-service. This occurs when processing specially crafted file or remote filesystem attribute values, requiring an attacker to provide malicious input.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2025-14512" }, { "category" : "external", "summary" : "RHBZ#2421339", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2025-14512", "url" : "https://www.cve.org/CVERecord?id=CVE-2025-14512" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2025-14512" }, { "category" : "external", "summary" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3845", "url" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3845" } ], "release_date" : "2025-12-11T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-10T19:54:09+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7461" }, { "category" : "workaround", "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "REQUIRED", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow" }, { "acknowledgments" : [ { "names" : [ "Codean Labs" ] } ], "cve" : "CVE-2026-0988", "cwe" : { "id" : "CWE-190", "name" : "Integer Overflow or Wraparound" }, "discovery_date" : "2026-01-15T11:22:30.846000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2429886" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "glib: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek()", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This vulnerability is rated Moderate for Red Hat. An integer overflow in the `g_buffered_input_stream_peek()` function of the GLib library can lead to a Denial of Service. Exploitation requires specially crafted input and is subject to strict preconditions, primarily causing application crashes.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-0988" }, { "category" : "external", "summary" : "RHBZ#2429886", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-0988", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-0988" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-0988" }, { "category" : "external", "summary" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3851", "url" : "https://gitlab.gnome.org/GNOME/glib/-/issues/3851" } ], "release_date" : "2026-01-15T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-10T19:54:09+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:7461" }, { "category" : "workaround", "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "LOW", "baseScore" : 3.7, "baseSeverity" : "LOW", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:glib2-main@aarch64", "Red Hat Hardened Images:glib2-main@src", "Red Hat Hardened Images:glib2-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Low" } ], "title" : "glib: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek()" } ] }