CVE-2026-5450
Published 2026-04-20
Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnu | glibc | — | — |
| gnu | glibc | 2.7 – 2.43 | — |
| the_gnu_c_library | glibc | >= 2.7 < * | * |