#VU16354 NULL pointer dereference in Gnome GLib

Published: 2018-12-10

Vulnerability identifier: #VU16354

Vulnerability risk: Low


CVE-ID: CVE-2018-16428


Exploitation vector: Local

Exploit availability:

Vulnerable software:
Gnome GLib
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team


The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in g_markup_parse_context_end_parse() in gmarkup.c. A local attacker can execute a specially crafted application or file that submits malicious input and cause the service to crash.

Install update from vendor's website.

Vulnerable software versions

Gnome GLib: 2.56.1

Fixed software versions


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability