scanf %mc off-by-one heap buffer overflow
Summary
| CVE | CVE-2026-5450 |
|---|---|
| State | PUBLISHED |
| Assigner | glibc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-20 21:16:36 UTC |
| Updated | 2026-04-20 21:16:36 UTC |
| Description | Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow. |
Risk And Classification
Problem Types: CWE-122 | CWE-122 CWE-122 Heap-based buffer overflow
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | The GNU C Library | Glibc | affected 2.7 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| inbox.sourceware.org/libc-announce/[email protected]/T | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | inbox.sourceware.org | |
| sourceware.org/bugzilla/show_bug.cgi | 3ff69d7a-14f2-4f67-a097-88dee7810d18 | sourceware.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Rocket Ma (en)
There are currently no legacy QID mappings associated with this CVE.