Wind River Support Network


LIN6-9740 : Security Advisory - glibc - CVE-2015-1472

Created: Apr 16, 2015    Updated: Feb 25, 2019
Resolved Date: May 8, 2015
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Toolchain


The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.


1. Configure a clean project using:

2. Apply patch manually with the following steps:
  make -C build eglibc-sourcery-compile.patch
  make -C build eglibc-sourcery-compile.devshell
  patch -Np1 < /path-to/CVE-2015-1472-wscanf-allocates-too-little-memory-WR6.patch
  exit #from devshell
  make fs

Other Downloads

Live chat