CVE-2026-1484

Name: CVE-2026-1484
Description: A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| glib2.0 (PTS) | bullseye | 2.66.8-1+deb11u4 | vulnerable |
| | bullseye (security) | 2.66.8-1+deb11u7 | vulnerable |
| | bookworm | 2.74.6-2+deb12u8 | vulnerable |
| | bookworm (security) | 2.74.6-2+deb12u2 | vulnerable |
| | trixie | 2.84.4-3~deb13u2 | vulnerable |
| | forky, sid | 2.86.3-4 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| glib2.0 | source | (unstable) | (unfixed) | | | |

Notes

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4978
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979
