Nixpkgs security tracker
2.8 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Glib: glib: local denial of service via buffer underflow in content type parsing
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
References
Affected products
Matching in nixpkgs
pkgs.bootc
Boot and upgrade via container images
pkgs.loupe
Simple image viewer application written with GTK4 and Rust
pkgs.papers
GNOME's document viewer
pkgs.rpm-ostree
Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
pkgs.podman-bootc
Streamlining podman+bootc interactions
pkgs.mlxbf-bootctl
Control BlueField boot partitions
-
nixos-unstable 2025-01-16
- nixpkgs-unstable 2025-01-16
- nixos-unstable-small 2025-01-16
-
nixos-25.11 2025-01-16
- nixpkgs-25.11-darwin 2025-01-16
pkgs.glycin-loaders
Glycin loaders for several formats
pkgs.pop-wallpapers
Wallpapers for Pop!_OS
-
nixos-unstable 1.0.5-unstable-2025-06-24
- nixpkgs-unstable 1.0.5-unstable-2025-06-24
- nixos-unstable-small 1.0.5-unstable-2025-06-24
-
nixos-25.11 1.0.5-unstable-2025-06-24
- nixpkgs-25.11-darwin 1.0.5-unstable-2025-06-24
pkgs.cosmic-wallpapers
Wallpapers for the COSMIC Desktop Environment
-
nixos-unstable 1.0.0-alpha.7
- nixpkgs-unstable 1.0.0-alpha.7
- nixos-unstable-small 1.0.0-alpha.7
-
nixos-25.11 1.0.0-beta.7
- nixpkgs-25.11-darwin 1.0.0-beta.7
pkgs.pop-hp-wallpapers
Wallpapers for High-Performance System76 products
-
nixos-unstable 0-unstable-2022-04-01
- nixpkgs-unstable 0-unstable-2022-04-01
- nixos-unstable-small 0-unstable-2022-04-01
-
nixos-25.11 0-unstable-2025-10-28
- nixpkgs-25.11-darwin 0-unstable-2025-10-28
pkgs.systemd-bootchart
Boot performance graphing tool from systemd
pkgs.rubyPackages.glib2
None
-
nixos-unstable glib2-4.2.9
- nixpkgs-unstable glib2-4.2.9
- nixos-unstable-small glib2-4.2.9
-
nixos-25.11 glib2-4.3.3
pkgs.system76-wallpapers
Wallpapers for System76 products
-
nixos-unstable 0-unstable-2024-04-26
- nixpkgs-unstable 0-unstable-2024-04-26
- nixos-unstable-small 0-unstable-2024-04-26
-
nixos-25.11 0-unstable-2024-04-26
- nixpkgs-25.11-darwin 0-unstable-2024-04-26
pkgs.rubyPackages_3_1.glib2
None
-
nixos-unstable glib2-4.2.9
- nixpkgs-unstable glib2-4.2.9
- nixos-unstable-small glib2-4.2.9
pkgs.rubyPackages_3_2.glib2
None
-
nixos-unstable glib2-4.2.9
- nixpkgs-unstable glib2-4.2.9
- nixos-unstable-small glib2-4.2.9
pkgs.rubyPackages_3_3.glib2
None
-
nixos-unstable glib2-4.2.9
- nixpkgs-unstable glib2-4.2.9
- nixos-unstable-small glib2-4.2.9
-
nixos-25.11 glib2-4.3.3
- nixpkgs-25.11-darwin glib2-4.3.3
pkgs.rubyPackages_3_4.glib2
None
-
nixos-unstable glib2-4.2.9
- nixpkgs-unstable glib2-4.2.9
- nixos-unstable-small glib2-4.2.9
-
nixos-25.11 glib2-4.3.3
- nixpkgs-25.11-darwin glib2-4.3.3
pkgs.rubyPackages_3_5.glib2
None
-
nixos-25.11 -
- nixpkgs-25.11-darwin glib2-4.3.3
pkgs.rubyPackages_4_0.glib2
None
-
nixos-25.11 glib2-4.3.3
pkgs.deepin.deepin-wallpapers
Deepin-wallpapers provides wallpapers of dde
pkgs.lomiri.lomiri-wallpapers
Wallpapers for the Lomiri Operating Environment, gathered from people of the Ubuntu Touch / UBports community
pkgs.perlPackages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.gnomeExtensions.2-wallpapers
Changes the wallpaper based on whether there are open windows or not.
-
nixos-25.11 2-wallpapers-6
- nixpkgs-25.11-darwin 2-wallpapers-6
pkgs.perl538Packages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.perl540Packages.Apppapersway
PaperWM-like scrollable tiling window management for Sway/i3wm
pkgs.pantheon.elementary-wallpapers
Collection of wallpapers for elementary
pkgs.libsForQt5.plasma-workspace-wallpapers
None
pkgs.kdePackages.plasma-workspace-wallpapers
Wallpapers for Plasma Workspaces
Package maintainers
-
@Thesola10 Karim Vergnes <me@thesola.io>
-
@nyabinary Niko Cantero <nyanbinary@keemail.me>
-
@griffi-gh Luna Prasol <prasol258@gmail.com>
-
@a-kenji Alexander Kenji Berthold <aks.kenji@protonmail.com>
-
@michaelBelsanti Mike Belsanti <mbels03@protonmail.com>
-
@drakon64 Evelyn Chance <nixpkgs@drakon.cloud>
-
@Pandapip1 Gavin John <gavinnjohn@gmail.com>
-
@HeitorAugustoLN Heitor Augusto <nixpkgs.woven713@passmail.net>
-
@thefossguy Pratham Patel <prathampatel@thefossguy.com>
-
@ahoneybun Aaron Honeycutt <aaronhoneycutt@proton.me>
-
@alyssais Alyssa Ross <hi@alyssa.is>
-
@wineee Lu Hongxu <lhongxu@outlook.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@K900 Ilya K. <me@0upti.me>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>
-
@thillux Markus Theil <theil.markus@gmail.com>
-
@nikstur nikstur <nikstur@outlook.com>
-
@davidak David Kleuker <post@davidak.de>
-
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
-
@evan-goode Evan Goode <mail@evangoo.de>
-
@normalcea normalcea <normalc@posteo.net>
-
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@numinit Morgan Jones <me+nixpkgs@numin.it>