CVE-2012-3480 : Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strto

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.

Published 2012-08-25 10:29:52

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Products affected by CVE-2012-3480

GNU » Glibc » Version: 2.16
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-3480

EPSS FAQ

0.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3480

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-3480

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3480

http://osvdb.org/84710
http://www.openwall.com/lists/oss-security/2012/08/13/6

oss-security - Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://secunia.com/advisories/50422

Sign in
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html

[SECURITY] Fedora 17 Update: glibc-2.15-56.fc17
https://security.gentoo.org/glsa/201503-04

GNU C Library: Multiple vulnerabilities (GLSA 201503-04) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/54982

GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities
http://www.openwall.com/lists/oss-security/2012/08/13/4

oss-security - CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
http://rhn.redhat.com/errata/RHSA-2012-1208.html

RHSA-2012:1208 - Security Advisory - Red Hat Customer Portal
http://sourceware.org/bugzilla/show_bug.cgi?id=14459

14459 – (CVE-2012-3480) strtod integer and buffer overflows (CVE-2012-3480)
http://www.securitytracker.com/id?1027374

Glibc stdlib Buffer Overflows May Let Local Users Gain Elevated Privileges - SecurityTracker
http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html

Joseph S. Myers - Fix strtod integer/buffer overflow (bug 14459)
http://rhn.redhat.com/errata/RHSA-2012-1207.html

RHSA-2012:1207 - Security Advisory - Red Hat Customer Portal
http://rhn.redhat.com/errata/RHSA-2012-1325.html

RHSA-2012:1325 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-1262.html

RHSA-2012:1262 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1589-1

USN-1589-1: GNU C Library vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://secunia.com/advisories/50201

Sign in
Vendor Advisory

Jump to

Vulnerability Details : CVE-2012-3480

Products affected by CVE-2012-3480

Exploit prediction scoring system (EPSS) score for CVE-2012-3480

CVSS scores for CVE-2012-3480

CWE ids for CVE-2012-3480

References for CVE-2012-3480