GNU Libidn Security Vulnerabilities in 2026

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in GNU Libidn.

By the Year

In 2026 there have been 1 vulnerability in GNU Libidn with an average score of 4.0 out of ten.

Year	Vulnerabilities	Average Score
2026	1	4.00

It may take a day or so for new Libidn vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent GNU Libidn Security Vulnerabilities

GNU libidn <1.44 OOB Read in ToUnicode API
CVE-2026-57053 4 - Medium - June 23, 2026

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.

Improper Validation of Specified Quantity in Input

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33
CVE-2016-6263 7.5 - High - September 07, 2016

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.

Out-of-bounds Read

idn in libidn before 1.33 might
CVE-2016-6262 7.5 - High - September 07, 2016

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.

Out-of-bounds Read

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33
CVE-2016-6261 7.5 - High - September 07, 2016

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.

Out-of-bounds Read

idn in GNU libidn before 1.33 might
CVE-2015-8948 - September 07, 2016

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for GNU Libidn or by GNU? Click the Watch button to subscribe.

GNU
Vendor

GNU Libidn
Product

GNU Libidn

Don't miss out!

By the Year

Recent GNU Libidn Security Vulnerabilities

GNU libidn <1.44 OOB Read in ToUnicode API CVE-2026-57053 4 - Medium - June 23, 2026

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 CVE-2016-6263 7.5 - High - September 07, 2016

idn in libidn before 1.33 might CVE-2016-6262 7.5 - High - September 07, 2016

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 CVE-2016-6261 7.5 - High - September 07, 2016

idn in GNU libidn before 1.33 might CVE-2015-8948 - September 07, 2016

Stay on top of Security Vulnerabilities

GNU Vendor

GNU LibidnProduct

GNU libidn <1.44 OOB Read in ToUnicode API
CVE-2026-57053 4 - Medium - June 23, 2026

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33
CVE-2016-6263 7.5 - High - September 07, 2016

idn in libidn before 1.33 might
CVE-2016-6262 7.5 - High - September 07, 2016

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33
CVE-2016-6261 7.5 - High - September 07, 2016

idn in GNU libidn before 1.33 might
CVE-2015-8948 - September 07, 2016

GNU
Vendor

GNU Libidn
Product