Impact
An out‑of‑bounds memory read of two bytes occurs in the g_date_time_get_ymd function of GLib when an improperly constructed GDateTime object is processed. The read can corrupt the date output, potentially leading to logical errors that may manifest as a denial of service. The weakness is a buffer overread (CWE‑125).
Affected Systems
Red Hat Enterprise Linux releases 6, 7, 8, 9, 10 and Red Hat Hardened Images ship GLib in their packages. Any system built on these distributions is affected, as the vulnerability resides in the core GLib library bundled with the OS.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity. EPSS data is not provided, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation is likely possible, locally or remotely, when an application processes user‑supplied date values through g_date_time_add_full; an attacker could supply crafted input to trigger the overread and cause a denial of service.