CVE-2026-1489

EUVD-2026-4826
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
glib2.0
bookworm
2.74.6-2+deb12u9
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
2.66.8-1+deb11u8
fixed
forky
2.88.1-2
fixed
sid
2.88.1-2
fixed
trixie
2.84.4-3~deb13u3
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
glib2-devel
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
glib2-devel-static
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
glib2-lang
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
glib2-tools
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgio-2_0-0
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgio-2_0-0-32bit
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libglib-2_0-0
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libglib-2_0-0-32bit
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgmodule-2_0-0
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgmodule-2_0-0-32bit
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgobject-2_0-0
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgobject-2_0-0-32bit
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgthread-2_0-0
suse enterprise desktop 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise sap 15 SP7
2.78.6-150600.4.35.1
fixed
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
suse enterprise server 15 SP6
2.78.6-150600.4.35.1
fixed
suse enterprise server 15 SP7
2.78.6-150600.4.35.1
fixed
libgthread-2_0-0-32bit
suse enterprise server 12 SP3
2.48.2-12.58.1
fixed
suse enterprise server 12 SP5
2.48.2-12.58.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-1489
https://bugzilla.redhat.com/show_bug.cgi?id=2433348
https://gitlab.gnome.org/GNOME/glib/-/issues/3872