CVE-2026-1485
CVE-2026-1485 is a low-severity vulnerability with a CVSS 3.x base score of 2.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-124.
Key facts
- Severity: Low (CVSS 3.x base score 2.8)
- EPSS exploit prediction: 0% (4th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-4835
- Weakness: CWE-124
- Published:
- Last modified:
Description
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Frequently asked questions
- What is CVE-2026-1485?
- A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
- How severe is CVE-2026-1485?
- CVE-2026-1485 has a CVSS 3.x base score of 2.8, rated low severity. It is exploitable over local access with low attack complexity, requires low privileges and user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2026-1485 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (4th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-1485?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-1485 have an EU (EUVD) identifier?
- Yes. CVE-2026-1485 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-4835.
- When was CVE-2026-1485 published?
- CVE-2026-1485 was published on 2026-01-27 and last updated on 2026-06-17.
References
- https://access.redhat.com/security/cve/CVE-2026-1485
- https://bugzilla.redhat.com/show_bug.cgi?id=2433325
- https://gitlab.gnome.org/GNOME/glib/-/issues/3871
Other CWE-124 vulnerabilities
- CVE-2026-44631 — Critical (CVSS 9.8): Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue…
- CVE-2023-25610 — Critical (CVSS 9.8): A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version…
- CVE-2025-27440 — High (CVSS 8.5): Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via…
- CVE-2025-27439 — High (CVSS 8.5): Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via…
- CVE-2026-34253 — High (CVSS 8.2): A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in…
- CVE-2026-0966 — High (CVSS 8.2): A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing…