PT-2009-6742 · Gnome+1 · Libglib-2 0-0+8
Diego Petteno · Published 1970-01-01 · Updated 2023-02-13 · CVE-2008-4316

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GLib versions prior to 2.20
glib2-devel versions prior to 2.12.3
glib2-debuginfo versions prior to 2.12.3
libgio-2 0-0 versions prior to 2.20
libgmodule-2 0-0 versions prior to 2.20
libgobject-2 0-0 versions prior to 2.20
libgthread-2 0-0 versions prior to 2.20
libglib-2 0-0 versions prior to 2.20
Description
Multiple integer overflows in glib/gbase64.c in GLib can be exploited by context-dependent attackers to execute arbitrary code via a long string that is converted either from or to a base64 representation. Successful exploitation can compromise the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited locally.
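The following added example is not GLib's code. It illustrates the class of bug described above: base64 buffer-size arithmetic that wraps for a very long input, shown beside an overflow-checked form. The function names are hypothetical, and a 32-bit length type is assumed so the wrap is reproducible on any platform.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked size arithmetic (hypothetical): multiplying first lets
 * len * 4 wrap modulo 2^32 once len exceeds 0x3FFFFFFF, so the caller
 * allocates far less than the encoder will write. */
uint32_t b64_encoded_size_unchecked(uint32_t len)
{
    return (uint32_t)(len * 4u) / 3u + 4u;
}

/* Checked form: count 3-byte groups first (rounded up), then refuse any
 * input whose encoded size plus NUL terminator is not representable. */
bool b64_encoded_size_checked(uint32_t len, uint32_t *out)
{
    uint32_t groups = len / 3u + (len % 3u != 0u);
    if (groups > (UINT32_MAX - 1u) / 4u)
        return false;               /* caller must reject the input */
    *out = groups * 4u + 1u;
    return true;
}

/* Decoding direction: dividing before multiplying keeps the upper bound
 * (3 bytes per 4 characters, plus slack for a partial group) in range
 * for every 32-bit input length. */
uint32_t b64_decoded_size_max(uint32_t len)
{
    return (len / 4u) * 3u + 3u;
}

int main(void)
{
    uint32_t len = 0x40000000u;     /* constructed input length: 1 GiB */
    uint32_t need = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)b64_encoded_size_unchecked(len));
    if (b64_encoded_size_checked(len, &need))
        printf("checked size:   %u bytes\n", (unsigned)need);
    if (!b64_encoded_size_checked(UINT32_MAX, &need))
        printf("length %u rejected\n", (unsigned)UINT32_MAX);
    return 0;
}
```

For the 1 GiB input the unchecked calculation yields a 4-byte buffer while the encoded output needs more than 1.4 billion bytes, which is the size mismatch that turns an integer overflow into memory corruption.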
Recommendations
For GLib versions prior to 2.20, update to version 2.20 or later.
For glib2-devel versions prior to 2.12.3, update to version 2.12.3 or later.
For glib2-debuginfo versions prior to 2.12.3, update to version 2.12.3 or later.
For libgio-2 0-0 versions prior to 2.20, update to version 2.20 or later.
For libgmodule-2 0-0 versions prior to 2.20, update to version 2.20 or later.
For libgobject-2 0-0 versions prior to 2.20, update to version 2.20 or later.
For libgthread-2 0-0 versions prior to 2.20, update to version 2.20 or later.
For libglib-2 0-0 versions prior to 2.20, update to version 2.20 or later.
As a temporary workaround, consider disabling the base64 conversion functions until a patch is available.
Affected Products
Glib
Red Hat
Glib2-Debuginfo
Glib2-Devel
Libgio-2 0-0
Libglib-2 0-0
Libgmodule-2 0-0
Libgobject-2 0-0
Libgthread-2 0-0