Description
Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c.
References (5)
Scores
EPSS
0.1486
EPSS Percentile
94.5%
Details
CWE
CWE-134
Status
published
Products (5)
mcrypt/mcrypt
2.6.4
mcrypt/mcrypt
2.6.5
mcrypt/mcrypt
2.6.6
mcrypt/mcrypt
2.6.7
mcrypt/mcrypt
< 2.6.8
Published
Nov 21, 2012
Tracked Since
Feb 18, 2026