Unrated severityNVD Advisory· Published Feb 10, 2014· Updated Apr 29, 2026

CVE-2012-3405

Description

The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404.

Affected products

GNU/Glibc
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
Red Hat/Enterprise Virtualization
cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Red Hat/Enterprise Linux
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000