CVE-2026-1484: Glib: integer overflow leading to buffer underflow and out-of-bounds write in glib g_base64_encode()
A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.
Security readout for executives and security teams
Plain-English summary
This is a GLib memory-safety flaw in Base64 encoding. Very large data can make GLib miscalculate buffer boundaries, causing writes outside the allocated memory. Business impact is mainly crash or unpredictable application behavior, with limited integrity and availability impact in the supplied CVSS data.
Executive priority
Treat this as a moderate patch-management and exposure-review item, not an emergency based on supplied evidence. Focus first on systems that process external large files or data streams, then track vendor fixes and apply them through normal maintenance windows.
Technical view
CVE-2026-1484 affects GLib g_base64_encode(). Incorrect integer type use during length calculation can cause integer overflow, buffer underflow, and out-of-bounds write. Red Hat rates it medium, CVSS 4.2, with network vector, high complexity, no privileges, user interaction required, and low integrity and availability impact.
Likely exposure
Exposure is most likely where affected Red Hat Enterprise Linux 6, 7, 8, 9, or 10 systems run glib2 or listed dependent packages and applications process untrusted or extremely large data through GLib Base64 encoding.
Exploitation context
The supplied sources do not state active exploitation, and KEV status is false. The CVSS vector indicates exploitation is not straightforward: attack complexity is high and user interaction is required. Evidence for practical exploitability is incomplete in the provided bundle.
Researcher notes
The core issue is CWE-787 out-of-bounds write after integer overflow in GLib Base64 output length handling. The bundle names affected Red Hat packages but does not provide fixed versions, proof-of-concept details, or confirmed exploitation. Avoid assuming all GLib consumers are reachable.
Mitigation direction
Check Red Hat, GNOME GLib, and Siemens advisories for fixed versions or vendor workarounds.
Update affected glib2 and related packages when vendor fixes are available.
Limit untrusted or extremely large data reaching GLib Base64 encoding paths.
Apply input-size controls in applications that encode externally supplied data.
Prioritize internet-facing or automation-heavy systems that process large external files.
Validation and detection
Inventory RHEL systems and packages listed as affected in the source bundle.
Identify applications using GLib g_base64_encode() on untrusted or very large input.
Confirm whether vendor fixed builds or advisories exist for each installed package stream.
Review crash reports for GLib-related memory faults during Base64 encoding.
Test input-size limits and error handling in affected application paths.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-787: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-787 · source CWE mapping
Out-of-bounds Write
Out-of-bounds Write represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.