CVE-2026-5450
Heap Buffer Overflow in GNU C Library scanf %mc with Large Width
Publication date: 2026-04-20
Last updated on: 2026-04-23
Assigner: GNU C Library
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | glibc | From 2.7 (inc) to 2.43 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the GNU C Library versions 2.7 to 2.43 when using the scanf family of functions with the %mc format specifier. If a format width specifier is used with an explicit width greater than 1024, it can cause a one byte heap buffer overflow.
How can this vulnerability impact me? :
The one byte heap buffer overflow caused by this vulnerability could potentially lead to memory corruption. This might be exploited by an attacker to cause a program crash, unexpected behavior, or possibly execute arbitrary code, depending on the context in which the vulnerable function is used.