PT-2017-9219 · Microsoft · Crypto++

John Byrd · Published 2017-01-30 · Updated 2017-02-07 · CVE-2016-7544

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Crypto++ version 5.6.4

Description

The issue arises from incorrect usage of Microsoft's stack-based `_malloca` and `_freea` functions in the Crypto++ library. Specifically, the library requests a block of memory in order to align a table; if the table is later reallocated, the wrong pointer can be freed.

Recommendations

For Crypto++ version 5.6.4, consider avoiding reallocation of tables that have been previously aligned in memory until a fix is available. As a temporary workaround, review and modify the memory allocation and deallocation code to correctly handle table reallocations and avoid freeing incorrect pointers.
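
One way to structure the allocation code the workaround describes, as an added example that is not Crypto++ code: the pointer returned by the allocator is stored next to the aligned pointer, and only the former is ever freed, including across a reallocation. Assumptions: `malloc`/`free` stand in for `_malloca`/`_freea` so the example is portable, and the struct, the function names and the 256-byte alignment are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TABLE_ALIGN 256u  /* assumed alignment, chosen for this example */

typedef struct {
    void  *base;   /* pointer the allocator returned: the only one valid to free */
    void  *table;  /* base rounded up to TABLE_ALIGN: the pointer callers use */
    size_t size;   /* usable bytes starting at table */
} aligned_table;

/* malloc/free stand in for _malloca/_freea (assumption, for portability). */
int table_alloc(aligned_table *t, size_t size) {
    if (size > SIZE_MAX - TABLE_ALIGN) return -1;   /* padding would overflow */
    t->base = malloc(size + TABLE_ALIGN - 1);
    if (!t->base) return -1;
    t->table = (void *)(((uintptr_t)t->base + TABLE_ALIGN - 1)
                        & ~(uintptr_t)(TABLE_ALIGN - 1));
    t->size = size;
    return 0;
}

void table_free(aligned_table *t) {
    free(t->base);            /* never free(t->table): it may point inside the block */
    t->base = t->table = NULL;
    t->size = 0;
}

/* Reallocate by allocate + copy + free of the old base. Resizing the base in
   place is avoided because the block may move and the alignment offset change. */
int table_realloc(aligned_table *t, size_t new_size) {
    aligned_table n;
    if (table_alloc(&n, new_size) != 0) return -1;  /* old table stays valid */
    memcpy(n.table, t->table, t->size < new_size ? t->size : new_size);
    table_free(t);
    *t = n;
    return 0;
}

/* Invariant check: table is aligned and lies within the padding after base. */
int table_is_consistent(const aligned_table *t) {
    uintptr_t b = (uintptr_t)t->base, p = (uintptr_t)t->table;
    return t->base != NULL && p % TABLE_ALIGN == 0 && p >= b && p - b < TABLE_ALIGN;
}
```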

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-7544

Affected Products

Crypto++