Candidate: CVE-2014-9474
PublicDate: 2017-10-10 01:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474
 https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
Description:
 Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11
 allows context-dependent attackers to have unspecified impact via vectors
 related to incorrect documentation for mpn_set_str.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772008
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_mpfr4:
 upstream: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
upstream_mpfr4: released (3.1.2-2)
lucid_mpfr4: DNE
precise_mpfr4: ignored (reached end-of-life)
precise/esm_mpfr4: ignored (end of ESM support, was needed)
trusty_mpfr4: ignored (reached end-of-life)
trusty/esm_mpfr4: needed
utopic_mpfr4: ignored (reached end-of-life)
vivid_mpfr4: not-affected (3.1.2-2)
vivid/stable-phone-overlay_mpfr4: DNE
vivid/ubuntu-core_mpfr4: not-affected (3.1.2-2)
wily_mpfr4: not-affected (3.1.2-2)
xenial_mpfr4: not-affected (3.1.2-2)
esm-infra/xenial_mpfr4: not-affected (3.1.2-2)
yakkety_mpfr4: not-affected (3.1.2-2)
zesty_mpfr4: not-affected (3.1.2-2)
artful_mpfr4: not-affected (3.1.2-2)
bionic_mpfr4: not-affected (3.1.2-2)
cosmic_mpfr4: not-affected (3.1.2-2)
disco_mpfr4: not-affected (3.1.2-2)
eoan_mpfr4: not-affected (3.1.2-2)
focal_mpfr4: not-affected (3.1.2-2)
groovy_mpfr4: not-affected (3.1.2-2)
hirsute_mpfr4: not-affected (3.1.2-2)
impish_mpfr4: not-affected (3.1.2-2)
jammy_mpfr4: not-affected (3.1.2-2)
devel_mpfr4: not-affected (3.1.2-2)