CVE-2026-1485

LOW EPSS 3.6%

Published Jan 27, 20265mo ago · Modified Jun 17, 20261w ago

2.8 CVSS 3.1

Low

Published Jan 27, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

CVSS Details

Base Score

2.8

Exploitability

1.3

Impact

1.4

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity None

Availability Low

Threat Intelligence

EPSS Exploit Probability

3.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-124

References 3

access.redhat.com https://access.redhat.com/security/cve/CVE-2026-1485
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2433325
gitlab.gnome.org https://gitlab.gnome.org/GNOME/glib/-/issues/3871

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.