CVE-2026-1489

Published: January 28, 2026Last modified: February 10, 2026

Description

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

Severity score breakdown

ParameterValue
Base score5.4
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactLOW
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSglibFixed (2.74.7-r6)
25 LTSglibFixed (2.84.4-r3)
StreamglibFixed (2.86.3-r2)

References

ON THIS PAGE