PT-2012-1097 · Bdwgc+2 · Libgc+3

Ivan Maidanski · Published 2012-07-25 · Updated 2016-09-29 · CVE-2012-2673

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

gc versions 7.1
libgc versions prior to 7.2

Description

The issue is related to multiple integer overflows in the GC generic malloc and calloc functions in malloc.c, and the GC generic malloc ignore off page function in mallocx.c. This can make it easier for attackers to perform memory-related attacks, such as buffer overflows, via a large size value, which causes less memory to be allocated than expected. The exploitation of this issue can be done remotely and may lead to a violation of the integrity of protected information.

Recommendations

For gc versions 7.1, consider updating to version 7.2 or later to resolve the issue. For libgc versions prior to 7.2, update to version 7.2 or later to fix the integer overflows in the GC generic malloc, calloc, and GC generic malloc ignore off page functions. As a temporary workaround, consider restricting the use of the vulnerable functions until a patch is available.
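
The failure mode in the description (a large size value that yields a smaller allocation than the caller expects) is shown below next to an overflow-checked form. This is an added C example, not code from gc/libgc; the function names, the 16-byte GRANULE and the allocator-style round-up step are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed allocation granule for this illustration (not taken from gc/libgc). */
#define GRANULE ((size_t)16)

/* Unchecked: both the product and the round-up can wrap modulo SIZE_MAX + 1. */
static size_t unchecked_request(size_t n, size_t elem)
{
    size_t bytes = n * elem;                        /* may wrap */
    return (bytes + GRANULE - 1) & ~(GRANULE - 1);  /* may wrap to 0 */
}

/* Checked: stores the rounded size and returns 0, or returns -1 on overflow. */
static int checked_request(size_t n, size_t elem, size_t *out)
{
    if (elem != 0 && n > SIZE_MAX / elem)
        return -1;                      /* n * elem does not fit in size_t */
    size_t bytes = n * elem;
    if (bytes > SIZE_MAX - (GRANULE - 1))
        return -1;                      /* rounding up would wrap */
    *out = (bytes + GRANULE - 1) & ~(GRANULE - 1);
    return 0;
}

/* calloc-style wrapper that refuses sizes it cannot represent. */
static void *safe_calloc(size_t n, size_t elem)
{
    size_t total;
    if (checked_request(n, elem, &total) != 0)
        return NULL;
    return calloc(1, total ? total : GRANULE);
}

int main(void)
{
    /* Constructed input: element count chosen so that n * 16 wraps to 16. */
    size_t n = SIZE_MAX / 16 + 2;
    printf("unchecked size for n*16: %zu bytes\n", unchecked_request(n, 16));
    printf("unchecked size for SIZE_MAX*1: %zu bytes\n",
           unchecked_request(SIZE_MAX, 1));
    printf("safe_calloc(n, 16) -> %p\n", safe_calloc(n, 16));
    return 0;
}
```
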


Related identifiers

BDU:2015-07721
BDU:2015-07722
BDU:2015-07723
BDU:2015-08841
BDU:2015-08842
BDU:2015-08843
CESA-2013_1500
CVE-2012-2673
OPENSUSE-SU-2024:10302-1
RHSA-2013:1500
RHSA-2013_1500
RHSA-2014:0149
RHSA-2014:0150

Affected products

Centos
Red Hat
Gc
Libgc