CVE-2026-5450
Received Received - Intake
Heap Buffer Overflow in GNU C Library scanf %mc with Large Width

Publication date: 2026-04-20

Last updated on: 2026-04-23

Assigner: GNU C Library

Description
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-20
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5450
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu glibc From 2.7 (inc) to 2.43 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the GNU C Library versions 2.7 to 2.43 when using the scanf family of functions with the %mc format specifier. If a format width specifier is used with an explicit width greater than 1024, it can cause a one byte heap buffer overflow.

Impact Analysis

The one byte heap buffer overflow caused by this vulnerability could potentially lead to memory corruption. This might be exploited by an attacker to cause a program crash, unexpected behavior, or possibly execute arbitrary code, depending on the context in which the vulnerable function is used.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5450. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart