CVE-2026-1489 — Out-of-bounds Write in Glib2.0

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

5.4MEDIUMNVD

OSV4.2

EPSS

0.1%

top 79.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glib2.0

Timeline

PublishedJan 27

Latest updateFeb 5

Description

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶debiandebian/glib2.0< glib2.0 2.66.8-1+deb11u8 (bullseye)

🔴Vulnerability Details

OSV

glib2.0 vulnerabilities↗2026-02-05

▶

GHSA

GHSA-9m4g-m3p5-p6gm: A flaw was found in GLib↗2026-01-27

▶

OSV

CVE-2026-1489: A flaw was found in GLib↗2026-01-27

▶

📋Vendor Advisories

Ubuntu

GLib vulnerabilities↗2026-02-05

▶

Red Hat

Glib: GLib: Memory corruption via integer overflow in Unicode case conversion↗2026-01-27

▶

Debian

CVE-2026-1489: glib2.0 - A flaw was found in GLib. An integer overflow vulnerability in its Unicode case ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-1489 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶