CVE-2026-58014
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
An off-by-one error was found in GLib's g_key_file_get_locale_string_list function in gkeyfile.c when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
Risk Assessment
The risk involves potential denial of service (DoS) in applications using GLib to process configuration files, which could disrupt system or service operations.
Recommendation
It is recommended to immediately update the GLib library to a version containing the fix for CVE-2026-58014 and monitor systems for unusual behavior related to key file processing.
Original NVD description (English source)
A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.

