Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2026-1485

Buffer Underwrite ('Buffer Underflow')

Published: Jan 27, 2026 | Modified: Feb 03, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
2.8 LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-1485
CWEhttps://cwe.mitre.org/data/definitions/124.html

A flaw was found in Glibs content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

Weakness

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Affected Software

NameVendorStart VersionEnd Version
Glib2.0Ubuntudevel*
Glib2.0Ubuntujammy*
Glib2.0Ubuntunoble*
Glib2.0Ubuntuquesting*

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use