CVE-2026-1485

EUVD-2026-4835

27.01.2026, 14:15

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

Buffer Underflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

glib2.0

bookworm	2.74.6-2+deb12u9 fixed
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	2.66.8-1+deb11u8 fixed
forky	2.88.1-2 fixed
sid	2.88.1-2 fixed
trixie	2.84.4-3~deb13u3 fixed

openSUSE / SLES Releases

openSUSE Product

Release

glib2-devel

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

glib2-devel-static

suse enterprise server 12 SP5

2.48.2-12.58.1

fixed

glib2-lang

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

glib2-tools

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgio-2_0-0

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgio-2_0-0-32bit

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libglib-2_0-0

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libglib-2_0-0-32bit

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgmodule-2_0-0

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgmodule-2_0-0-32bit

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgobject-2_0-0

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgobject-2_0-0-32bit

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgthread-2_0-0

suse enterprise desktop 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise sap 15 SP7	2.78.6-150600.4.35.1 fixed
suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed
suse enterprise server 15 SP6	2.78.6-150600.4.35.1 fixed
suse enterprise server 15 SP7	2.78.6-150600.4.35.1 fixed

libgthread-2_0-0-32bit

suse enterprise server 12 SP3	2.48.2-12.58.1 fixed
suse enterprise server 12 SP5	2.48.2-12.58.1 fixed

Common Weakness Enumeration

CWE-124 - Buffer Underwrite ('Buffer Underflow')
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

References

https://access.redhat.com/security/cve/CVE-2026-1485

https://bugzilla.redhat.com/show_bug.cgi?id=2433325

https://gitlab.gnome.org/GNOME/glib/-/issues/3871