Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.
Max CVSS
5.1
EPSS Score
0.97%
Published
2005-05-02
Updated
2008-09-05
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
Max CVSS
4.6
EPSS Score
0.10%
Published
2002-04-22
Updated
2008-09-11
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.
Max CVSS
4.6
EPSS Score
0.13%
Published
2002-04-22
Updated
2008-09-11
3 vulnerabilities found