CVE-2014-6040 Information

Description

GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \0xffff\ to the iconv function when converting (1) IBM933 (2) IBM935 (3) IBM937 (4) IBM939 or (5) IBM1364 encoded data to UTF-8.

Reference

http://linux.oracle.com/errata/ELSA-2015-0016.html http://secunia.com/advisories/62100 http://secunia.com/advisories/62146 http://ubuntu.com/usn/usn-2432-1 http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 https://security.gentoo.org/glsa/201602-02 https://sourceware.org/bugzilla/show_bug.cgi?id=17325 https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41488498b6