CVE-2026-58012
Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()
Description
A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
INFO
Published Date :
June 30, 2026, 12:57 p.m.
Last Modified :
June 30, 2026, 12:57 p.m.
Remotely Exploit :
Yes !
Source :
redhat
Affected Products
The following products are affected by CVE-2026-58012
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | 53f830b8-0a3f-465b-8143-3b8a9948e749 | ||||
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Update GLib to a patched version.
- Avoid using G_REGEX_RAW with case-change escapes.
- Validate inputs for regex operations.
- Monitor for crashes or memory corruption.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-58012 vulnerability anywhere in the article.