GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). Upstream bug: https://gitlab.gnome.org/GNOME/glib/issues/1361 Upstream patch: https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b
Created chromium tracking bugs for this issue: Affects: fedora-all [bug 1626173] Created firefox tracking bugs for this issue: Affects: fedora-all [bug 1626174] Created glib2 tracking bugs for this issue: Affects: fedora-all [bug 1626169] Created thunderbird tracking bugs for this issue: Affects: fedora-all [bug 1626176]
Mitigation: Since the only affected code in this flaw is g_markup_parse_context_parse(), any application (compiled with glib2) which does not use this function or any other function which calls this vulnerable code, is not affected by this flaw.