| Package | libgc |
|---|---|
| Version | 1:7.2d-6.4+deb8u1 |
| Related CVEs | CVE-2016-9427 |
libgc, a conservative garbage collector, is vulnerable to integer overflows in multiple places. In some cases, when asked to allocate a huge quantity of memory, instead of failing the request, it will return a pointer to a small amount of memory possibly tricking the application into a buffer overwrite.
For Debian 8 jessie, these problems have been fixed in version 1:7.2d-6.4+deb8u1.
We recommend that you upgrade your libgc packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.