Description
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.
Published: 2026-01-27
Score: 4.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-Bounds Write
Action: Monitor
AI Analysis

Impact

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Because of an integer overflow during length calculation, the library can miscalculate buffer boundaries, causing memory writes outside the allocated buffer. This results in undefined behavior such as crashes or unpredictable execution, which could potentially allow an attacker to corrupt memory or, if sufficient control is obtained, execute arbitrary code. The weakness corresponds to out-of-bounds write (CWE-124 / CWE-787) and integer overflow (CWE-190).

Affected Systems

Affected systems are Red Hat Enterprise Linux releases 6 through 10. The vulnerability exists in the GLib package bundled with those operating systems, which is widely used by many applications and system components. No specific product versions are listed beyond the OS families, but any installation of GLib on those RHEL releases is potentially vulnerable.

Risk and Exploitability

The CVSS score of 4.2 indicates a low severity impact, and the EPSS score of less than 1 % shows a very low current exploitation probability. The issue has not been listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is feeding large or malformed Base64 input to any application that uses GLib’s g_base64_encode routine. An attacker would need to supply such data, and the vulnerability would manifest as a crash or corruption; no public exploit demonstrates attacker control, so the risk is limited but a memory corruption flaw remains. Until an update is released, systems should consider hardening measures and input validation.

Generated by OpenCVE AI on April 16, 2026 at 07:17 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Obtain and apply the official patch or upgrade to GLib when Red Hat releases it for RHEL 6‑10.
  • Implement application‑level checks that reject Base64 input exceeding a safe size to prevent an overflow.
  • Harden the runtime environment by enabling address‑space layout randomization, stack canaries, and enforcing SELinux or equivalent mandatory access control to limit the impact of memory corruption.

Generated by OpenCVE AI on April 16, 2026 at 07:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4491-1 glib2.0 security update
History

Thu, 19 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
References

Wed, 28 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-124
CWE-190
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 27 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 14:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.
Title Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-787
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-19T09:59:55.610Z

Reserved: 2026-01-27T11:58:49.994Z

Link: CVE-2026-1484

cve-icon Vulnrichment

Updated: 2026-01-27T15:12:03.031Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T14:15:56.050

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1484

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-01-27T00:00:00Z

Links: CVE-2026-1484 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:30:28Z

Weaknesses