CVE-2026-1485— Glib: glib: local denial of service via buffer underflow in content type parsing
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1485
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Glib: glib: local denial of service via buffer underflow in content type parsing
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区下溢
Source: NVD (National Vulnerability Database)
Vulnerability Title
glib 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
glib是GNOME项目的一个通用的、可移植的实用程序库。提供了许多有用的数据类型、宏、类型转换、字符串实用程序、文件实用程序、主循环抽象等。 glib存在缓冲区错误漏洞,该漏洞源于内容类型解析逻辑中存在缓冲区下溢,可能导致整数环绕和指针下溢,造成本地拒绝服务或应用程序不稳定。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-1485
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1485
请登录查看更多情报信息。
- 2433325 – (CVE-2026-1485) CVE-2026-1485 Glib: Glib: Local denial of service via buffer underflow in content type parsingissue-trackingx_refsource_REDHAT
- https://nvd.nist.gov/vuln/detail/CVE-2026-1485
Same Patch Batch · Red Hat · 2026-01-27 · 4 CVEs total
| CVE-2026-1467 | 5.8 MEDIUM | Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is c |
| CVE-2026-1489 | 5.4 MEDIUM | Glib: glib: memory corruption via integer overflow in unicode case conversion |
| CVE-2026-1484 | 4.2 MEDIUM | Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base6 |
IV. Related Vulnerabilities
Same product: Red Hat Enterprise Linux 10
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de - CVE-2026-34000
Xwayland: xorg: x.org x server: information disclosure and d
Same vendor: Red Hat
- CVE-2026-42011
Gnutls: gnutls: security bypass due to incorrect name constr - CVE-2026-42010
Gnutls: gnutls: authentication bypass via nul character in u - CVE-2026-6420
Keylime: keylime: security bypass due to hardcoded tpm quote - CVE-2026-34956
Openvswitch: open vswitch: denial of service via malformed f - CVE-2026-34002
Xorg: xwayland: x.org x server: information disclosure or de
Same weakness: CWE-124
- CVE-2026-41499
Wazuh: Multiple Heap-based NULL WRITE Buffer Underflows in p - CVE-2026-26204
Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertDat - CVE-2026-0966
Libssh: buffer underflow in ssh_get_hexa() on invalid input - CVE-2026-20104
Cisco多款产品 安全漏洞 - CVE-2026-28419
Vim has Heap-based Buffer Underflow in Emacs tags parsing
V. Comments for CVE-2026-1485
No comments yet