CVE Catalog

CVE-2026-58014

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

An off-by-one error was found in GLib's g_key_file_get_locale_string_list function in gkeyfile.c when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

Risk Assessment

The risk involves potential denial of service (DoS) in applications using GLib to process configuration files, which could disrupt system or service operations.

Recommendation

It is recommended to immediately update the GLib library to a version containing the fix for CVE-2026-58014 and monitor systems for unusual behavior related to key file processing.

Original NVD description (English source)

A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS