Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-1472

Published: 5 February 2015

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

Notes

AuthorNote
tyhicks
Introduced by upstream commit 3f8cc204fdd0, which is not present in
Lucid.
mdeslaur
fixed by any/cvs-wscanf.diff in vivid

Priority

Medium

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
upstream Needed

lucid Not vulnerable
(ADDW doesn't realloc)
precise
Released (2.15-0ubuntu10.11)
trusty
Released (2.19-0ubuntu6.6)
utopic Does not exist

glibc
Launchpad, Ubuntu, Debian
upstream Needed

lucid Does not exist

precise Does not exist

trusty Does not exist

utopic
Released (2.19-10ubuntu2.3)
Patches:
upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06