Bug 2433259 (CVE-2026-1484) - CVE-2026-1484 Glib: Integer Overflow Leading to Buffer Underflow and Out-of-Bounds Write in GLib g_base64_encode()
Summary: CVE-2026-1484 Glib: Integer Overflow Leading to Buffer Underflow and Out-of-B...
Keywords:
Status: NEW
Alias: CVE-2026-1484
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2433260 2433261 2433262 2433263 2433264 2433265 2433266 2433267 2433268 2433269 2433270 2433271 2433272 2433273 2433274 2433275 2433276 2433277 2433278 2433279 2433280 2433281 2433282 2433283 2433284 2433285 2433286 2433287 2433288 2433289 2433290 2433291 2433292 2433293 2433294 2433295 2433296 2433297 2433300 2433301 2433302 2433303 2433304 2433305 2433306 2433307 2433308 2433309 2433310 2433311 2433312 2433313 2433314 2433315 2433318 2433319 2433320 2433321
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-27 12:19 UTC by OSIDB Bzimport
Modified: 2026-06-02 08:27 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-01-27 12:19:40 UTC 
Integer Overflow leads to Buffer Underflow vulnerability in GLib’s Base64 encoding implementation. The flaw is caused by storing the output length returned by g_base64_encode_step() in a signed integer (gint). When encoding very large attacker-controlled input, this value may overflow and become negative. The resulting pointer arithmetic in g_base64_encode_close() leads to a buffer underflow and out-of-bounds heap write. Exploitation requires that an application passes untrusted or excessively large input to the Base64 encoding API and may result in application crashes or potential memory corruption.
Note You need to log in before you can comment on or make changes to this bug.