CVE-2026-1489

Description

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Configurations (Affected Products)

No configuration data available.

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

...

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-1489
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-1489
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-1489/
[4] VulDB https://vuldb.com/cve/CVE-2026-1489
[5] https://access.redhat.com/security/cve/CVE-2026-1489
[6] https://bugzilla.redhat.com/show_bug.cgi?id=2433348
[7] https://gitlab.gnome.org/GNOME/glib/-/issues/3872

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-1489", "sourceIdentifier": "[email protected]", "published": "2026-01-27T15:15:57.370", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable."}, {"lang": "es", "value": "Se encontró una falla en GLib. Una vulnerabilidad de desbordamiento de entero en su implementación de conversión de mayúsculas y minúsculas Unicode puede llevar a corrupción de memoria. Al procesar cadenas Unicode especialmente diseñadas y extremadamente grandes, un atacante podría desencadenar una asignación de memoria de tamaño insuficiente, lo que resultaría en escrituras fuera de límites. Esto podría causar que las aplicaciones que utilizan GLib para la conversión de cadenas se bloqueen o se vuelvan inestables."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1489", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433348", "source": "[email protected]"}, {"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3872", "source": "[email protected]"}]}}