Fluid Attacks Database

Description

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	glib2.0	=2.74.6-2 \|\| =2.74.6-2+deb12u1 \|\| =2.74.6-2+deb12u2 \|\| =2.74.6-2+deb12u3 \|\| =2.74.6-2+deb12u4 \|\| =2.74.6-2+deb12u5 \|\| =2.74.6-2+deb12u6 \|\| =2.74.6-2+deb12u7 \|\| =2.74.6-2+deb12u8 \|\| >=0 <2.74.6-2+deb12u9	2.74.6-2+deb12u9
debian 13	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| >=0 <2.84.4-3~deb13u3	2.84.4-3~deb13u3
debian 11	glib2.0	=2.66.8-1 \|\| =2.66.8-1+deb11u1 \|\| =2.66.8-1+deb11u2 \|\| =2.66.8-1+deb11u3 \|\| =2.66.8-1+deb11u4 \|\| =2.66.8-1+deb11u5 \|\| =2.66.8-1+deb11u6 \|\| =2.66.8-1+deb11u7 \|\| >=0 <2.66.8-1+deb11u8	2.66.8-1+deb11u8
debian 14	glib2.0	=2.84.3-1 \|\| =2.84.4-1 \|\| =2.84.4-2 \|\| =2.84.4-3 \|\| =2.84.4-3~deb13u1 \|\| =2.84.4-3~deb13u2 \|\| =2.84.4-3~deb13u3 \|\| =2.85.1-1 \|\| =2.85.1-2 \|\| =2.85.2-2 \|\| =2.85.3-1 \|\| =2.85.4-1 \|\| =2.86.0-1 \|\| =2.86.0-2 \|\| =2.86.0-3 \|\| =2.86.0-4 \|\| =2.86.0-5 \|\| =2.86.0-6 \|\| =2.86.0-7 \|\| =2.86.1-1 \|\| =2.86.1-2 \|\| =2.86.2-1 \|\| =2.86.3-1 \|\| =2.86.3-2 \|\| =2.86.3-3 \|\| =2.86.3-4 \|\| >=0 <2.86.3-5	2.86.3-5
rpm rhel6	glib2	-	-
rpm rhel10	bootc	-	-
rpm rhel8	glib2	-	-
rpm rhel10	rpm-ostree	-	-
rpm rhel9	bootc	-	-
rpm rhel10	glib2	-	-

1-10 of 20

Aliases

1. CVE-2026-14852. NVD-2026-14853. OSV-DEBIAN-2026-14854. OSV-2026-14855. SECURITY-TRACKER-CVE-2026-1485

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.