CVE-2026-5450 | THREATINT

Description

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

PUBLISHED Reserved 2026-04-02 | Published 2026-04-20 | Updated 2026-04-21 | Assigner glibc

Problem types

CWE-122 Heap-based buffer overflow

Product status

Default status

unaffected

2.7 (custom) before *

affected

Credits

Rocket Ma finder

References

sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 exploit

sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450 issue-tracking

inbox.sourceware.org/...4bd6-b9de-9e38a4efeca3@redhat.com/T/ mailing-list

cve.org (CVE-2026-5450)

nvd.nist.gov (CVE-2026-5450)

Download JSON