CVE-2014-6040
Description
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GNU C Library (glibc) before 2.20 has an out-of-bounds read crash in iconv when converting IBM933/935/937/939/1364 data to UTF-8 with a 0xffff multibyte character.
Vulnerability
GNU C Library (glibc) versions before 2.20 contain an out-of-bounds read vulnerability in the iconv function when converting encoded data from IBM code pages IBM933, IBM935, IBM937, IBM939, or IBM1364 to UTF-8. The flaw is triggered by supplying a multibyte character value of 0xffff as input, which causes an invalid memory read and results in a denial of service via application crash. The bug affects all glibc releases prior to the fix included in version 2.20, and was also addressed in downstream distributions such as Oracle Linux 6 (glibc-2.12-1.149.2) and Ubuntu 12.04 LTS [1][3][4].
Exploitation
An attacker can trigger the crash by delivering crafted multibyte data containing a 0xffff character value to any application that calls iconv with one of the affected IBM code page converters. No special privileges are required beyond the ability to supply input to such an application (e.g., via network service, file upload, or user interaction). The exploitation is straightforward: the malicious input is processed during the conversion routine, leading to an out-of-bounds read and a segmentation fault, as confirmed by the bug report and upstream fix [2][3][4].
Impact
Successful exploitation causes a denial of service by crashing the calling application. The impact is limited to availability; there is no evidence of information disclosure or code execution. Attackers can repeatedly send malicious input to cause persistent service disruption. The severity is considered moderate in downstream advisories [1][3].
Mitigation
All glibc versions from 2.16 to 2.20 are vulnerable. The fix was committed upstream for glibc 2.20 (referenced in the bug tracker as bug 17325). Oracle Linux released an updated package (glibc-2.12-1.149.2) in ELSA-2015-0016 on 2015-01-07 [1]. Ubuntu published USN-2432-1 on 2014-12-03 providing fixed packages for Ubuntu 12.04 LTS [3]. Users should upgrade to the latest glibc from their distribution vendor. No workaround is available other than applying the patch or update; there is no known KEV listing for this CVE.
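An added example, not part of the original advisory or of glibc: a shell triage script that reports the running glibc version and which of the five affected converters the host can load, feeding them empty input only. The function names and verdict strings are assumptions of this example; the 2.20 threshold and the charset list come from the description above.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2014-6040. Sends only empty input.

AFFECTED="IBM933 IBM935 IBM937 IBM939 IBM1364"   # converters named in the CVE
FIXED_UPSTREAM="2.20"                            # first fixed upstream release

# version_lt A B: true when MAJOR.MINOR of A sorts strictly before B.
version_lt() {
    a_major=${1%%.*}; a_minor=${1#*.}; a_minor=${a_minor%%[!0-9]*}
    b_major=${2%%.*}; b_minor=${2#*.}; b_minor=${b_minor%%[!0-9]*}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -gt "$b_major" ] && return 1
    [ "${a_minor:-0}" -lt "${b_minor:-0}" ]
}

# glibc_version: print e.g. "2.19", or nothing on a non-glibc system.
glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{ print $2 }'
}

# loadable_converters: print the affected charsets this host can load.
# Converting empty input only checks that the gconv module is present.
loadable_converters() {
    for cs in $AFFECTED; do
        if iconv -f "$cs" -t UTF-8 </dev/null >/dev/null 2>&1; then
            printf '%s ' "$cs"
        fi
    done
}

# assess VERSION CONVERTERS: print a triage verdict for one host.
assess() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) echo "unknown-libc"; return 0 ;;
    esac
    if ! version_lt "$1" "$FIXED_UPSTREAM"; then
        echo "fixed-upstream"
    elif [ -z "$2" ]; then
        echo "converters-absent"
    else
        # Distributions backport the fix without changing the upstream
        # version, so an old number needs the vendor advisory checked.
        echo "check-vendor-package"
    fi
}

ver=$(glibc_version)
conv=$(loadable_converters)
echo "glibc=${ver:-none} converters=${conv:-none} verdict=$(assess "$ver" "$conv")"
```

A "check-vendor-package" verdict means the installed package release should be compared against the distribution advisory, for example glibc-2.12-1.149.2 for Oracle Linux 6.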
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* range: <=2.19
- cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
- (no CPE) range: <2.20
References
- ubuntu.com/usn/usn-2432-1 (nvd; Patch, Vendor Advisory)
- www.openwall.com/lists/oss-security/2014/09/02/1 (nvd; Exploit)
- sourceware.org/bugzilla/show_bug.cgi (nvd; Exploit)
- www.debian.org/security/2015/dsa-3142 (nvd; Vendor Advisory)
- linux.oracle.com/errata/ELSA-2015-0016.html (nvd)
- secunia.com/advisories/62100 (nvd)
- secunia.com/advisories/62146 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openwall.com/lists/oss-security/2014/08/29/3 (nvd)
- www.securityfocus.com/bid/69472 (nvd)
- security.gentoo.org/glsa/201602-02 (nvd)
- sourceware.org/git/gitweb.cgi (nvd)