DEBIAN-CVE-2026-1489
PUBLISHED
CVSS 5.4 MEDIUM
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.
Risk Scores
CVSS 3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | glib2.0 | *, 2.66.8-1, 2.66.8-1 |
| Debian:13 | glib2.0 | 2.86.3-4, 2.87.1-1, 2.87.2-2 |
| Debian:12 | glib2.0 | 2.74.6-2, 2.84.1-2, 2.84.2-1 |
| Debian:14 | glib2.0 | 2.86.2-1, 2.86.3-1, 2.86.3-2 |
Timeline
- Jan 27, 2026 CVE Published
- May 16, 2026 CVE Updated