CVE-2026-1489 | THREATINT

Description

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-27 | Updated 2026-02-03 | Assigner redhat

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Problem types

Out-of-bounds Write

Product status

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2026-01-27:	Reported to Red Hat.
2026-01-27:	Made public.

Credits

Red Hat would like to thank treeplus for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-1489 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2433348 (RHBZ#2433348) issue-tracking

cve.org (CVE-2026-1489)

nvd.nist.gov (CVE-2026-1489)

Download JSON