Valentin Metz

**Name of the Vulnerable Software and Affected Versions** GNU Coreutils versions prior to 9.4-3.1 **Description** A heap overflow issue exists in the `split` program within GNU Coreutils. The flaw is located in the `line bytes split()` function (src/split.c) and occurs when processing long lines, specifically when using the `--line-bytes` or `-C` option. This can lead to an application crash and a denial of service. The issue was identified during analysis of failures when using the `split` utility to process data transmitted via QR codes. The overflow involves user-controlled data of several hundred bytes in length. **Recommendations** Update GNU Coreutils to version 9.4-3.1 or later.