VYPR
Unrated severityNVD Advisory· Published Apr 8, 2015· Updated Jun 17, 2026

CVE-2015-1473

CVE-2015-1473

Description

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • GNU/Glibc2 versions
    cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*range: <=2.20
    • (no CPE)range: <2.21
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.