73 matches found
glibc: incorrect size calculation in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service stack...
glibc: incorrect use of extend_alloca() in formatted printing can lead to FORTIFY_SOURCE format string protection bypass
The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library aka glibc 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service segmentati...
glibc security and bug fix update
2.5-81.el58.4 - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930 837896 2.5-81.el58.3 - Fix unbound alloca in vfprintf 833720...
CVE-2012-3406
The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string...
glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments...
PT-2013-1211 · Gnu +3 · Glibc +3
Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.15-r3 Description: The issue concerns multiple vulnerabilities in the glibc package, which can lead to breaches of confidentiality, integrity, and availability of protected information. Exploitation can occur locally...
glibc multiple security vulnerabilities
memcpy integer overflow, RPC DoS, vfprintf integer overflow...
USN-1396-1: GNU C Library vulnerabilities
It was discovered that the GNU C Library did not properly handle integer overflows in the timezone handling code. An attacker could use this to possibly execute arbitrary code by convincing an application to load a maliciously constructed tzfile. CVE-2009-5029 It was discovered that the GNU C...
CVE-2012-0864
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments...
VLC Media Player 0.8.6 (udp://) Format String Exploit (x86)
Exploit for macOS platform in category local exploits. VLC Media Player 0.8.6 udp:// Format String Exploit x86. #!/usr/bin/perl http://www.digitalmunition.com/VLCMediaSlayer-x86.pl...
gpsdrive <= 2.09 (friendsd2) Remote Format String Exploit (ppc)
Exploit for linux platform in category remote exploits. gpsdrive <= 2.09 friendsd2 Remote Format String Exploit ppc. #!/usr/bin/perl -w Heh - Code by KF...