Description
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Published: 2026-01-27
Score: 2.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

The vulnerability is a buffer underflow in glib's content type parsing logic caused by storing a header line length in a signed integer, which allows integer wraparound for very large inputs. The resulting pointer underflow leads to an out-of-bounds memory read that can crash the application or cause instability. The flaw is classified as an integer underflow (CWE-124, CWE-125) and a buffer overflow (CWE-787). The impact is local denial of service or application instability when a local user processes a specially crafted treemagic file.

Affected Systems

This flaw affects Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10, as all these distributions ship a vulnerable version of the glib library. No specific glib version range is provided in the advisory, so any RHEL system that has not applied the latest glib update may be exposed.

Risk and Exploitability

The CVSS v3.1 base score is 2.8, which the advisory rates as Low severity. EPSS is reported as less than 1%, meaning exploitation attempts are expected to be rare. The vulnerability is not listed in CISA's KEV catalog. Because exploitation requires a local user to install or process a treemagic file, the likelihood of abuse is limited to environments where untrusted local users can place files. In most production setups the risk is low, but any host that allows untrusted local users to create arbitrary files should be considered vulnerable.

Generated by OpenCVE AI on April 16, 2026 at 07:17 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Update the glib package to the latest version provided by the distribution to eliminate the vulnerable code.
  • Upgrade to the most recent Red Hat Enterprise Linux minor release that includes the glib fix, ensuring all security updates are applied.
  • Restrict permissions on the filesystem so that local users cannot create or modify treemagic files that may be processed by the glib library.

Generated by OpenCVE AI on April 16, 2026 at 07:17 UTC.

Advisories

  • Source: Debian DLA
  • ID: DLA-4491-1
  • Title: glib2.0 security update
History

Wed, 18 Mar 2026 17:00:00 +0000

  • References

Wed, 28 Jan 2026 00:15:00 +0000

  • Weaknesses: CWE-124, CWE-787
  • References
  • Metrics threat_severity: None -> Low

Tue, 27 Jan 2026 15:15:00 +0000

  • Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 14:00:00 +0000

  • Description: A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
  • Title: Glib: glib: local denial of service via buffer underflow in content type parsing
  • First Time appeared: Redhat, Redhat enterprise Linux
  • Weaknesses: CWE-125
  • CPEs: cpe:/o:redhat:enterprise_linux:10, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9
  • Vendors & Products: Redhat, Redhat enterprise Linux
  • References
  • Metrics cvssV3_1: {'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

MITRE

  • Status: PUBLISHED
  • Assigner: redhat
  • Published:
  • Updated: 2026-03-18T16:44:23.593Z
  • Reserved: 2026-01-27T12:56:50.801Z
  • Link: CVE-2026-1485

Vulnrichment

  • Updated: 2026-01-27T14:42:05.212Z

NVD

  • Status: Deferred
  • Published: 2026-01-27T14:15:56.223
  • Modified: 2026-04-15T00:35:42.020
  • Link: CVE-2026-1485

Redhat

  • Severity: Low
  • Public Date: 2026-01-27T00:00:00Z
  • Links: CVE-2026-1485 - Bugzilla

OpenCVE Enrichment

  • Updated: 2026-04-16T07:30:28Z

Weaknesses