CVE-2026-1489

Published: Jan 27, 2026Modified: Jun 2, 2026Deferred

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Exploitability: 2.8 / Impact: 2.5

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://access.redhat.com/security/cve/CVE-2026-1489

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2433348

Source: secalert@redhat.com

https://gitlab.gnome.org/GNOME/glib/-/issues/3872

Source: secalert@redhat.com

https://cert-portal.siemens.com/productcert/html/ssa-253495.html

Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e

Timeline

No history available yet.