2433325 – (CVE-2026-1485) CVE-2026-1485 Glib: Glib: Local denial of service via buffer underflow in content type parsing

Bug 2433325 (CVE-2026-1485) - CVE-2026-1485 Glib: Glib: Local denial of service via buffer underflow in content type parsing

Summary: CVE-2026-1485 Glib: Glib: Local denial of service via buffer underflow in con...

Keywords:
Status:	NEW
Alias:	CVE-2026-1485
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2433326 2433327 2433328 2433329 2433330 2433331 2433332 2433333 2433334 2433335 2433336 2433337 2433338 2433339 2433340 2433341 2433342 2433343 2433344 2433345
Blocks:
TreeView+	depends on / blocked

Reported:	2026-01-27 13:13 UTC by OSIDB Bzimport
Modified:	2026-01-27 13:23 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-01-27 13:13:44 UTC

Buffer Underflow vulnerability in GLib’s content type parsing logic. The issue is caused by storing the length of a header line in a signed integer, allowing integer wraparound for extremely large inputs. This leads to pointer underflow and out-of-bounds memory access in parse_header(). Exploitation requires a user to install or process a maliciously crafted treemagic file, limiting the practical impact to local denial of service or application instability.

Note You need to log in before you can comment on or make changes to this bug.