← Zuruck zu CVEs
CVE-2026-1489
MEDIUM5.4
Beschreibung
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht1/27/2026
Zuletzt geandert3/19/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-787
Referenzen
https://access.redhat.com/security/cve/CVE-2026-1489(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2433348(secalert@redhat.com)
https://gitlab.gnome.org/GNOME/glib/-/issues/3872(secalert@redhat.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.