2 matches found
CVE-2023-24056
CVE-2023-24056 affects pkgconf up to 1.9.3. The root cause is in libpkgconf/tuple.c:pkgconf_tuple_parse, where variable duplication can cause unbounded string expansion (e.g., a small .pc file expanded to billions of bytes), leading to memory/resource exhaustion. IBM bulletins for Cloud Pak pro...
CVE-2018-1000221
Affected software: pkgconf up to version 1.5.2. Vulnerability: buffer overflow in dequote() when initial length is 0, potentially leading to overflow through a specially crafted .pc file. Impact/Severity: reported as high/critical in CVSS terms (C:H/I:H/A:H per provided metrics). Status/Fix: vuln...