PT-2012-1186 · Gnu · Gnu C Library
Jan Lieskovsky · Published 2012-08-25 · Updated 2023-02-13 · CVE-2012-3480
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GNU C Library (aka glibc or libc6) version 2.16
Description
The issue is caused by multiple integer overflows in various functions, including strtod, strtof, strtold, and strtod_l, within the stdlib component of the GNU C Library. This can lead to a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. Exploitation occurs when a long string is passed to one of these functions, triggering a stack-based buffer overflow.
Recommendations
For GNU C Library (aka glibc or libc6) version 2.16, consider updating to a newer version that addresses the integer overflows in the affected functions. As a temporary workaround, restrict the use of the strtod, strtof, strtold, and strtod_l functions to minimize the risk of exploitation. Avoid passing long strings that could trigger the stack-based buffer overflow in these functions.
Exploit
Fix
DoS
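One way to apply the temporary workaround from the Recommendations, as an added example that is not part of the original advisory or of glibc: a wrapper that rejects over-long input before it ever reaches strtod. The names parse_double_bounded and bounded_len and the 64-character cap MAX_NUMERIC_LEN are assumptions chosen for illustration; the cap is an application policy value, not a threshold taken from the advisory.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed application policy, not a threshold from the advisory. */
#define MAX_NUMERIC_LEN 64

enum parse_status { PARSE_OK = 0, PARSE_NULL, PARSE_TOO_LONG,
                    PARSE_INVALID, PARSE_RANGE };

/* Count at most cap + 1 characters, so oversized input is detected
 * without walking an arbitrarily long string. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n <= cap && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical wrapper: length-check first, then convert and validate. */
enum parse_status parse_double_bounded(const char *s, double *out)
{
    char *end = NULL;
    double v;

    if (s == NULL || out == NULL)
        return PARSE_NULL;
    if (bounded_len(s, MAX_NUMERIC_LEN) > MAX_NUMERIC_LEN)
        return PARSE_TOO_LONG;          /* strtod() is never called */

    errno = 0;
    v = strtod(s, &end);
    if (end == s || *end != '\0')
        return PARSE_INVALID;           /* empty input or trailing junk */
    if (errno == ERANGE)
        return PARSE_RANGE;             /* overflow or underflow */

    *out = v;
    return PARSE_OK;
}
```

Routing every untrusted numeric string through one such wrapper also gives a single place to log rejected inputs until the library itself is updated.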
Affected Products
Centos
Gnu C Library
Red Hat
Suse