The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1472
1. Configure a clean project using: --with-template=feature/build_libc 2. Apply patch manually with the following steps: make -C build eglibc-sourcery-compile.patch make -C build eglibc-sourcery-compile.devshell patch -Np1 < /path-to/CVE-2015-1472-wscanf-allocates-too-little-memory-WR6.patch exit #from devshell make fs
