CVE-2018-17942
The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing.
8.8CVSS
8.7AI Score
0.008EPSS