CVE-2015-1472

GNU C Library <2.21 - Buffer Overflow

Title source: llm
STIX 2.1

Description

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.

References (14)

Core 14
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201602-02
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2519-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72428
Patch mailing-list x_refsource_mlist
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2015/02/04/1
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jun/18
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/14
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Sep/7
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/7

Scores

EPSS 0.0306
EPSS Percentile 86.9%

Details

CWE
CWE-119
Status published
Products (5)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
gnu/glibc < 2.20
Published Apr 08, 2015
Tracked Since Feb 18, 2026