What the vulnerability does

01Description

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Key dates

02Disclosure timeline

April 17, 2024 CVE published
May 12, 2026 Record updated