PT-2013-1211 · Gnu+3 · Glibc+3

Captain Planet +1 · Published 2012-03-15 · Updated 2023-02-13 · CVE-2012-0864

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

glibc versions prior to 2.15-r3

Description

The issue concerns multiple vulnerabilities in the glibc package, which can lead to breaches of confidentiality, integrity, and availability of protected information. Exploitation can occur locally. Specifically, an integer overflow in the vfprintf function allows attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.

Recommendations

For glibc versions prior to 2.15-r3, update to version 2.15-r3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vfprintf function until a patch is available.

Related Identifiers

BDU:2015-09685
CESA-2012_0393
CVE-2012-0864
RHSA-2012:0393
RHSA-2012:0397
RHSA-2012:0531
RHSA-2012_0393
RHSA-2012_0397

Affected Products

CentOS
Red Hat
SUSE
Glibc