CVE-2026-1489 - CVE | ByteOS Network

CVE Vulnerability Details :

CVE-2026-1489

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-27 Jan, 2026 | 14:26

Updated At-03 Feb, 2026 | 20:02

▼CVE Numbering Authority (CNA)

Glib: glib: memory corruption via integer overflow in unicode case conversion

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.

Affected Products

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

bootc

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

glib2

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

glycin-loaders

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

loupe

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

mingw-glib2

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

papers

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 10

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

rpm-ostree

CPEs

cpe:/o:redhat:enterprise_linux:10

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 6

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

glib2

CPEs

cpe:/o:redhat:enterprise_linux:6

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 7

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

glib2

CPEs

cpe:/o:redhat:enterprise_linux:7

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 8

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

glib2

CPEs

cpe:/o:redhat:enterprise_linux:8

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 8

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

librsvg2

CPEs

cpe:/o:redhat:enterprise_linux:8

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 8

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

mingw-glib2

CPEs

cpe:/o:redhat:enterprise_linux:8

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 9

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

bootc

CPEs

cpe:/o:redhat:enterprise_linux:9

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 9

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

glib2

CPEs

cpe:/o:redhat:enterprise_linux:9

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 9

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

librsvg2

CPEs

cpe:/o:redhat:enterprise_linux:9

Default Status

affected

Vendor

Product

Red Hat Enterprise Linux 9

Collection URL

https://access.redhat.com/downloads/content/package-browser/

Package Name

mingw-glib2

CPEs

cpe:/o:redhat:enterprise_linux:9

Default Status

affected

Problem Types

Type	CWE ID	Description
CWE	CWE-787	Out-of-bounds Write

Type: CWE

CWE ID: CWE-787

Description: Out-of-bounds Write

Metrics

Version	Base score	Base severity	Vector
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Metrics Other Info

Red Hat severity rating

value:

Moderate

namespace:

https://access.redhat.com/security/updates/classification/

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Credits

Red Hat would like to thank treeplus for reporting this issue.

Timeline

Event	Date
Reported to Red Hat.	2026-01-27 13:59:19
Made public.	2026-01-27 00:00:00

Event: Reported to Red Hat.

Date: 2026-01-27 13:59:19

Event: Made public.

Date: 2026-01-27 00:00:00

References

Hyperlink	Resource
https://access.redhat.com/security/cve/CVE-2026-1489	vdb-entry x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2433348	issue-tracking x_refsource_REDHAT

Hyperlink: https://access.redhat.com/security/cve/CVE-2026-1489

Resource:

vdb-entry

x_refsource_REDHAT

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2433348

Resource:

issue-tracking

x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info