VDB
DEBIAN-CVE-2026-1485
DEBIAN-CVE-2026-1485
PUBLISHED
CVSS 2.799999952316284 LOW
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Risk Scores
CVSS 3.1
2.799999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | glib2.0 | 2.86.0-3, 2.78.0-1, 2.78.0-2 |
| Debian:13 | glib2.0 | 0, 2.84.4-1, 2.84.4-3 |
| Debian:11 | glib2.0 | 2.66.8-1+deb11u6, 2.66.8-1+deb11u7, * |
| Debian:14 | glib2.0 | 2.86.1-2, 2.86.3-2, 2.86.3-3 |
Timeline
- Jan 27, 2026 CVE Published
- May 16, 2026 CVE Updated