An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glib | Gnome | * | 2.66.7 (excluding) |
| Glib | Gnome | 2.67.0 (including) | 2.67.4 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | mingw-glib2-0:2.66.7-2.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | glib2-0:2.56.4-10.el8_4.1 | * |
| Glib2.0 | Ubuntu | bionic | * |
| Glib2.0 | Ubuntu | esm-infra-legacy/trusty | * |
| Glib2.0 | Ubuntu | focal | * |
| Glib2.0 | Ubuntu | groovy | * |
| Glib2.0 | Ubuntu | precise/esm | * |
| Glib2.0 | Ubuntu | trusty | * |
| Glib2.0 | Ubuntu | trusty/esm | * |
| Glib2.0 | Ubuntu | upstream | * |
| Glib2.0 | Ubuntu | xenial | * |