Integer Overflow in vfprintf Function in glibc Allows Format String Attacks and Arbitrary Memory Write

Integer Overflow in vfprintf Function in glibc Allows Format String Attacks and Arbitrary Memory Write

CVE-2012-0864 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

Learn more about our Web Application Penetration Testing UK.