VDB

GCVE-110-MAGEIA-2016-396

GCVE-110-MAGEIA-2016-396
Advisory Published
Vulnetix · Advisory published November 23, 2016
It was found that flex incorrectly resized the num_to_read variable in yy_get_next_buffer. The buffer is resized if this value is less or equal to zero. With special crafted input it is possible, that the buffer is not resized if the input is larger than the default buffer size of 16k. This allows a heap buffer overflow. It may be possible to exploit this remotely, depending on the application that is built using flex (CVE-2016-6354). Note that any affected applications would need to be rebuilt with the updated flex to fully fix this issue.

Affected Products

VendorProductVersionsPlatforms
Mageiaflex0 (affected), 2.5.39-3.1.mga5 (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›