VDB
GCVE-110-MAGEIA-2016-13
GCVE-110-MAGEIA-2016-13
Advisory Published
It was found that float-parsing code used in Mono before 4.2 is derived
from code vulnerable to CVE-2009-0689. The issue concerns the 'freelist'
array, which is a global array of 16 pointers to 'Bigint'. This array is
part of a memory allocation and reuse system which attempts to reduce the
number of 'malloc' and 'free' calls. The system allocates blocks in
power-of-two sizes, from 2^0 through 2^15, and stores freed blocks of each
size in a linked list rooted at the corresponding cell of 'freelist'. The
'Balloc' and 'Bfree' functions which operate this system fail to check if
the size parameter 'k' is within the allocated 0..15 range. As a result, a
sufficiently large allocation will have k=16 and treat the word
immediately after 'freelist' as a pointer to a previously-allocated chunk.
The specific results may vary significantly based on the version,
platform, and compiler, since they depend on the layout of variables in
memory. An attacker who can cause a carefully-chosen string to be
converted to a floating-point number can cause a crash and potentially
induce arbitrary code execution.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | q4wine | 1.2.r2-1.1.mga5 (unaffected), 0 (affected) | — |
| Mageia | mono | 3.12.1-1.2.mga5 (unaffected), 0 (affected), 0 (affected), 3.12.1-1.2.mga5 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.