CVE-2014-6040
Published: 2 September 2014
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
Priority
Status
Package | Release | Status |
---|---|---|
eglibc | upstream | Needs triage |
eglibc | lucid | Released (2.11.1-0ubuntu7.19) |
eglibc | precise | Released (2.15-0ubuntu10.9) |
eglibc | trusty | Released (2.19-0ubuntu6.4) |
eglibc | utopic | Does not exist |
glibc | upstream | Released (2.20) |
glibc | lucid | Does not exist |
glibc | precise | Does not exist |
glibc | trusty | Does not exist |
glibc | utopic | Released (2.19-10ubuntu2.1) |

Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=41488498b6d9440ee66ab033808cce8323bba7ac