EulerOS Virtualization 2.10.0 : glib2 (EulerOS-SA-2026-2046)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types...

EulerOS Virtualization 2.12.0 : glib2 (EulerOS-SA-2026-2099)

According to the versions of the glib2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line...

TencentOS Server 4: glib2 (TSSA-2026:0277)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0277 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CLSA-2026-1776329620 glib2: Fix of 6 CVEs

CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2025-14512: fix integer overflow in escapebytestring for byte strings with many invalid characters - CVE-2026-1485: fix buffer underflow in content type...

GHSA-5R3V-VC8M-M96G Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport

Summary Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...

CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

SUSE-SU-2026:20493-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-13601: Fixed integer overflow in in gescapeuristring bsc1254297. - CVE-2025-14087: Fixed buffer underflow in GVariant parser leads to heap corruption bsc1254662. - CVE-2025-14512: Fixed integer Overflow in GLib GIO Attribute Escaping...

CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...

SUSE SLES15 Security Update : glib2 (SUSE-SU-2026:0458-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0458-1 advisory. - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. -...

GHSA-G966-83W7-6W38 FrankenPHP's unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FrankenPHP

Summary FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the original path. Because strings.ToLower in Go can increase the...

PT-2026-7872

Name of the Vulnerable Software and Affected Versions FrankenPHP versions prior to 1.11.2 Description FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path bu...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encodi...

SUSE-SU-2026:0458-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GLib vulnerabilities (USN-8017-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8017-1 advisory. It was discovered that GLib incorrectly parsed large Base64 data. An attacker could use this issue to cause GLib to crash, resulting ...

USN-8017-1: GLib vulnerabilities

It was discovered that GLib incorrectly parsed large Base64 data. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-1484 It was discovered that GLib incorrectly parsed certain treemagic files. An attacker could...

USN-8017-1 glib2.0 vulnerabilities

It was discovered that GLib incorrectly parsed large Base64 data. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-1484 It was discovered that GLib incorrectly parsed certain treemagic files. An attacker could...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glib2 (SUSE-SU-2026:0373-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0373-1 advisory. - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in...

SUSE SLES12 Security Update : glib2 (SUSE-SU-2026:0372-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0372-1 advisory. - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484:...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encodi...

SUSE-SU-2026:0372-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing bsc1257354. - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64...