Description
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.
Published: 2026-01-27
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption via Integer Overflow in GLib Unicode Case Conversion
Action: Assess Impact
AI Analysis

Impact

The vulnerability stems from an integer overflow in GLib’s Unicode case conversion routine. When an application supplies an unusually large Unicode string, the calculation of the required memory size wraps around, causing an undersized allocation. This overflow allows the program to write beyond the end of the buffer, corrupting memory and potentially leading to process crashes or instability for any software that uses the affected GLib function.

Affected Systems

Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10 are affected. The flaw resides in the GLib component shipped with these distributions; no specific GLib version is identified, so all releases containing the vulnerable code are impacted until the vendor issues a fix.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, while the EPSS score below 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Because the flaw is triggered by processing specially crafted Unicode input, the attack vector is inferred to be a local or application-level channel that can receive untrusted data. No public exploits have been reported, and the primary consequence is memory corruption that may destabilize applications rather than enable remote code execution.

Generated by OpenCVE AI on April 18, 2026 at 14:49 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • No official solution is currently available; stay informed for patches from Red Hat.
  • Apply the Red Hat update package that addresses the GLib memory corruption when it becomes available.
  • Upgrade the GLib library to a patched version that resolves the integer overflow, either by updating the distribution package or installing the fixed upstream release.
  • Implement application-level checks to limit the length of incoming Unicode strings or validate input before passing it to the vulnerable GLib function.

Generated by OpenCVE AI on April 18, 2026 at 14:49 UTC.

Advisories
Source: Debian DLA
ID: DLA-4491-1
Title: glib2.0 security update
History

Thu, 19 Mar 2026 10:15:00 +0000

  References: updated

Wed, 28 Jan 2026 00:15:00 +0000

  Weaknesses: added CWE-190
  References: updated
  Metrics (threat_severity): removed None; added Moderate

Tue, 27 Jan 2026 16:15:00 +0000

  Metrics (ssvc): added {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 14:45:00 +0000

  Description: added (identical to the description at the top of this record)
  Title: added "Glib: glib: memory corruption via integer overflow in unicode case conversion"
  First Time appeared: Redhat; Redhat enterprise Linux
  Weaknesses: added CWE-787
  CPEs: added
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
  Vendors & Products: Redhat; Redhat enterprise Linux
  References: updated
  Metrics (cvssV3_1): added {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-03-19T09:59:55.622Z

Reserved: 2026-01-27T14:00:10.886Z

Link: CVE-2026-1489

Vulnrichment

Updated: 2026-01-27T15:09:06.006Z

NVD

Status: Deferred

Published: 2026-01-27T15:15:57.370

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1489

Redhat

Severity: Moderate

Public Date: 2026-01-27T00:00:00Z

Links: CVE-2026-1489 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses