|Related CVEs||CVE-2018-16428 CVE-2018-16429 CVE-2019-13012|
Several flaws were corrected in glib2.0, a general-purpose C library.
A NULL pointer dereference may lead to a denial-of-service (application crash) when parsing a document.
While parsing an invalid string an out-of-bounds read may occur which can lead to an access violation error or may have other unspecified impact.
The keyfile settings backend in GNOME GLib creates directories and files with insecure permissions. This is similar to CVE-2019-12450.
For Debian 7 Wheezy, these problems have been fixed in version 2.33.12+really2.32.4-5+deb7u2.
We recommend that you upgrade your glib2.0 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/