VDB
GCVE-110-MAGEIA-2015-13
GCVE-110-MAGEIA-2015-13
Advisory Published
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc)
2.5, 2.12, and probably other versions does not "properly restrict the use of"
the alloca function when allocating the SPECS array, which allows context-
dependent attackers to bypass the FORTIFY_SOURCE format-string protection
mechanism and cause a denial of service (crash) or possibly execute arbitrary
code via a crafted format string using positional parameters and a large
number of format specifiers (CVE-2012-3406).
The nss_dns implementation of getnetbyname could run into an infinite loop
if the DNS response contained a PTR record of an unexpected format
(CVE-2014-9402).
Also glibc lock elision (new feature in glibc 2.18) has been disabled
as it can break glibc at runtime on newer Intel hardware (due to hardware
bug)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | timezone | 0 (affected), 2015a-1.mga4 (unaffected) | — |
| Mageia | php-timezonedb | 0 (affected), 2015.1-1.mga4 (unaffected) | — |
| Mageia | glibc | 0 (affected), 2.18-9.8.mga4 (unaffected), 0 (affected), 2.18-9.8.mga4 (unaffected) | — |
References
Browse GCVE Records
73,196 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.