CVE-2026-1485 - Vulnerability Details

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-1485
https://bugzilla.redhat.com/show_bug.cgi?id=2433325

History

Tue, 27 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 27 Jan 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Title		Glib: glib: local denial of service via buffer underflow in content type parsing
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-125
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-1485 https://bugzilla.redhat.com/show_bug.cgi?id=2433325
Metrics		cvssV3_1 `{'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-01-27T13:43:18.098Z

Updated: 2026-01-27T14:42:44.691Z

Reserved: 2026-01-27T12:56:50.801Z

Link: CVE-2026-1485

Vulnrichment

Updated: 2026-01-27T14:42:05.212Z

NVD

Status : Awaiting Analysis

Published: 2026-01-27T14:15:56.223

Modified: 2026-01-27T14:59:34.073

Link: CVE-2026-1485

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object