Critical Buffer Overflow Vulnerabilities in Fedora 43 and 44 minGW-GLib2

Critical Buffer Overflow Vulnerabilities in Fedora 43 and 44 minGW-GLib2

First seen 17 Jul 2026, 08:27 UTC Linuxsecurity 100% similarity 70.5

Article Content

Browse articles
ThreatCluster

Fedora has released critical updates for its minGW-GLib2 packages in versions 43 and 44 due to multiple buffer overflow vulnerabilities. The vulnerabilities, identified as CVE-2026-58010, CVE-2026-58011, CVE-2026-58012, CVE-2026-58013, CVE-2026-58014, and CVE-2026-58016, were published on June 30, 2026. They affect various components of the minGW-GLib2 library, which is used in applications built for Windows using the GNU Compiler Collection. Users are advised to update their systems using the 'dnf' package manager to mitigate potential exploits. The updates were backported by Sandro Mani on July 8, 2026. The vulnerabilities include buffer over-reads and integer underflows, which could allow attackers to execute arbitrary code. Both Fedora 43 and 44 are impacted, highlighting the need for immediate action by users.

Key Points: • Fedora 43 and 44 minGW-GLib2 packages have critical buffer overflow vulnerabilities. • Six CVEs were published on June 30, 2026, affecting various library components. • Users must apply updates via 'dnf' to protect against potential exploits.

ThreatCluster AI

Timeline

2026-06-30
CVE-2026-58010 published
Buffer over-read vulnerability in glib/gvariant-serialiser.c identified.
Linuxsecurity
2026-06-30
CVE-2026-58011 published
Out-of-bounds read vulnerability in glib/gdatetime.c discovered.
Linuxsecurity
2026-06-30
CVE-2026-58012 published
Buffer over-read vulnerability in glib/gregex.c reported.
Linuxsecurity
2026-06-30
CVE-2026-58013 published
Buffer over-read vulnerability in glib/giochannel.c identified.
Linuxsecurity
2026-06-30
CVE-2026-58014 published
Off-by-one error vulnerability in glib/gkeyfile.c reported.
Linuxsecurity
2026-06-30
CVE-2026-58016 published
Integer underflow vulnerability in gio/gdbusintrospection.c identified.
Linuxsecurity
2026-07-08
Backport fixes released for Fedora 43 and 44
Sandro Mani backported fixes for the identified vulnerabilities in both Fedora versions.
Linuxsecurity

Community

Browse all →