MPFR: Denial of service — GLSA 200903-13

Multiple buffer overflows in MPFR might lead to a Denial of Service.

Affected packages

dev-libs/mpfr on all architectures
Affected versions < 2.4.1
Unaffected versions >= 2.4.1

Background

MPFR is a library for multiple-precision floating-point computations with exact rounding.

Description

Multiple buffer overflows have been reported in the mpfr_snprintf() and mpfr_vsnprintf() functions.

Impact

A remote user could exploit the vulnerability to cause a Denial of Service in an application using MPFR via unknown vectors.

Workaround

There is no known workaround at this time.

Resolution

All MPFR users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/mpfr-2.4.1"
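
To see which installed versions fall in the affected range given above (< 2.4.1), the following added example, which is not part of the original advisory, compares Portage-style version strings against 2.4.1 and scans an installed-package database. It assumes the standard Portage layout under /var/db/pkg and purely numeric dotted version components; the function names and file name are hypothetical.

```sh
#!/bin/sh
# Added example: flag dev-libs/mpfr versions affected by GLSA 200903-13
# (affected: < 2.4.1). Function names are hypothetical.
FIXED="2.4.1"

# cmp_dotted A B: print -1, 0 or 1 comparing dotted numeric versions.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && { printf '%s\n' -1; return; }
        [ "$x" -gt "$y" ] && { printf '%s\n' 1; return; }
    done
    printf '%s\n' 0
}

# mpfr_affected VERSION: succeed (status 0) if VERSION sorts below 2.4.1.
mpfr_affected() {
    ver=${1%-r[0-9]*}              # drop the ebuild revision, e.g. -r1
    num=${ver%%_*}                 # dotted numeric part, e.g. 2.4.0
    case $(cmp_dotted "$num" "$FIXED") in
        -1) return 0 ;;
        1)  return 1 ;;
    esac
    # Numeric part equals 2.4.1: only pre-release suffixes sort below it.
    case ${ver#"$num"} in
        _alpha*|_beta*|_pre*|_rc*) return 0 ;;
    esac
    return 1
}

# list_affected VDB_ROOT: print installed mpfr versions that are affected.
list_affected() {
    for d in "$1"/dev-libs/mpfr-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/mpfr-}
        if mpfr_affected "$v"; then echo "$v"; fi
    done
}

# Usage (hypothetical file name): sh check-mpfr.sh /var/db/pkg
if [ "$#" -gt 0 ]; then list_affected "$1"; fi
```

Any version it prints is below 2.4.1 and should be upgraded with the commands above.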

References

Release date
March 09, 2009

Latest revision
March 09, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries