CVE-2026-1485 — Buffer Underflow in Glib2.0

CWE-124 — Buffer Underflow CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

2.8LOWNVD

OSV4.2

EPSS

0.0%

top 99.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glib2.0

Timeline

PublishedJan 27

Latest updateFeb 5

Description

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:LExploitability: 1.3 | Impact: 1.4

Affected Packages1 packages

▶debiandebian/glib2.0< glib2.0 2.66.8-1+deb11u8 (bullseye)

🔴Vulnerability Details

OSV

glib2.0 vulnerabilities↗2026-02-05

▶

GHSA

GHSA-xc99-2v4m-jv2w: A flaw was found in Glib's content type parsing logic↗2026-01-27

▶

OSV

CVE-2026-1485: A flaw was found in Glib's content type parsing logic↗2026-01-27

▶

📋Vendor Advisories

Ubuntu

GLib vulnerabilities↗2026-02-05

▶

Red Hat

Glib: Glib: Local denial of service via buffer underflow in content type parsing↗2026-01-27

▶

Debian

CVE-2026-1485: glib2.0 - A flaw was found in Glib's content type parsing logic. This buffer underflow vul...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1485 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶