glibc 2.7-2.43 %mc scanf causes 1byte heap overflow
CVE-2026-5450 Published on April 20, 2026

scanf %mc off-by-one heap buffer overflow
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-5450

Want to know whenever a new CVE is published for GNU Glibc? stack.watch will email you.

GNU Glibc

Affected Versions

The GNU C Library glibc:

Version 2.7 and below * is affected.

glibc 2.7-2.43 %mc scanf causes 1byte heap overflowCVE-2026-5450 Published on April 20, 2026

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2026-5450

Affected Versions

glibc 2.7-2.43 %mc scanf causes 1byte heap overflow
CVE-2026-5450 Published on April 20, 2026