CVE-2009-4880

Priority
Description
Multiple integer overflows in the strfmon implementation in the GNU C
Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent
attackers to cause a denial of service (memory consumption or application
crash) via a crafted format string, as demonstrated by a crafted first
argument to the money_format function in PHP, a related issue to
CVE-2008-1391.
Package
Upstream:released (2.12)
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-03-19 11:51:49 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)