
Ivan Maidanski

#49506 of 53,635
5 Total CVSS
Vulnerabilities · 1
PT-2012-1097
5.0
2012-07-25
Bdwgc · Libgc · CVE-2012-2673
**Name of the Vulnerable Software and Affected Versions**

gc versions 7.1
libgc versions prior to 7.2

**Description**

The issue is caused by multiple integer overflows in the `GC_generic_malloc` and `calloc` functions in `malloc.c`, and in the `GC_generic_malloc_ignore_off_page` function in `mallocx.c`. A large size value makes the size computation wrap, so less memory is allocated than expected, which makes it easier for attackers to perform memory-related attacks such as buffer overflows. The issue can be exploited remotely and may lead to a violation of the integrity of protected information.

**Recommendations**

For gc versions 7.1, consider updating to version 7.2 or later to resolve the issue. For libgc versions prior to 7.2, update to version 7.2 or later to fix the integer overflows in the `GC_generic_malloc`, `calloc`, and `GC_generic_malloc_ignore_off_page` functions. As a temporary workaround, consider restricting the use of the vulnerable functions until a patch is available.
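The size wrap-around named in the Description, shown as an added example that is not code from bdwgc or from this advisory: an unchecked size product beside a calloc-style wrapper that rejects requests whose size arithmetic would overflow. All function names and the 16-byte granule are hypothetical, and the oversized count is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size arithmetic: the product wraps modulo SIZE_MAX + 1. */
static size_t unchecked_total(size_t n, size_t size)
{
    return n * size;
}

/* Checked product: 0 on success, -1 if n * size does not fit in size_t. */
static int checked_total(size_t n, size_t size, size_t *out)
{
    if (size != 0 && n > SIZE_MAX / size)
        return -1;
    *out = n * size;
    return 0;
}

/* Checked round-up to a multiple of granule (granule > 0, hypothetical). */
static int checked_round_up(size_t size, size_t granule, size_t *out)
{
    if (size > SIZE_MAX - (granule - 1))
        return -1;
    *out = (size + granule - 1) / granule * granule;
    return 0;
}

/* calloc-style wrapper that refuses requests whose size would wrap. */
static void *checked_calloc(size_t n, size_t size)
{
    size_t total, padded;
    if (checked_total(n, size, &total) != 0 ||
        checked_round_up(total, 16, &padded) != 0)
        return NULL;
    void *p = malloc(padded ? padded : 16);
    if (p != NULL)
        memset(p, 0, padded);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / 2 + 1;   /* constructed oversized element count */
    printf("unchecked bytes: %zu\n", unchecked_total(n, 2));
    printf("checked_calloc: %p\n", checked_calloc(n, 2));
    return 0;
}
```

With the unchecked product, a caller that believes it holds `n` elements would receive a buffer sized from the wrapped value; the checked wrapper returns `NULL` instead.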