CVE-2012-2673

Priority
Medium
Description
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc
functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page
function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it
easier for context-dependent attackers to perform memory-related attacks
such as buffer overflows via a large size value, which causes less memory
to be allocated than expected.
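
Added example (not libgc code and not taken from the linked patches): a minimal calloc-style wrapper showing how a large element count makes the size product wrap so that less memory is allocated than the caller expects, next to a checked form. The function names and the sample count are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: size_t arithmetic wraps modulo SIZE_MAX + 1,
 * so a huge n yields a small byte count. */
size_t wrapped_request(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/* Checked pattern: returns 1 and stores the product when it is
 * representable, 0 when n * elem_size would overflow. */
int checked_request(size_t n, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return 0;
    *out = n * elem_size;
    return 1;
}

/* Hypothetical wrapper with the flaw: allocates the wrapped size. */
void *unsafe_calloc(size_t n, size_t elem_size)
{
    size_t bytes = wrapped_request(n, elem_size);
    void *p = malloc(bytes);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

/* Hypothetical hardened wrapper: fails the request instead. */
void *safe_calloc(size_t n, size_t elem_size)
{
    size_t bytes;
    if (!checked_request(n, elem_size, &bytes))
        return NULL;
    void *p = malloc(bytes);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / 4 + 2;   /* constructed sample count */
    size_t bytes = 0;
    printf("caller asks for %zu elements of 4 bytes\n", n);
    printf("unchecked byte count: %zu\n", wrapped_request(n, 4));
    printf("checked request accepted: %d\n", checked_request(n, 4, &bytes));
    return 0;
}
```

A caller that receives the small buffer from the unchecked wrapper and then indexes it as an array of n elements writes past the allocation, which is the buffer overflow the description refers to.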
References
Bugs
Assigned-to
sbeattie
Package
Source: libgc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1:7.1-8ubuntu0.12.04.1)
Patches:
Patch:https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1
Patch:https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a
Patch:https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3
Patch:https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb
Patch:http://anonscm.debian.org/gitweb/?p=collab-maint/libgc.git;a=commitdiff;h=4dd893dc29bdf10a61734cfc863ec035364c72e7
More Information


Updated: 2015-07-29 20:40:40 UTC (commit 9756)