CVE-2026-1485

EUVD-2026-4835

27.01.2026, 14:15

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

Buffer Underflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
redhat	CNA	2.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

glib2.0

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	2.87.2-3 fixed
sid	2.87.2-3 fixed
trixie	no-dsa

Common Weakness Enumeration

CWE-124 - Buffer Underwrite ('Buffer Underflow')
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

References

https://access.redhat.com/security/cve/CVE-2026-1485

https://bugzilla.redhat.com/show_bug.cgi?id=2433325