[Pkg-scicomp-devel] Bug#441478: [ptb at inv.it.uc3m.es: Bug#441478: libglpk0: security flaw buffer overflow in glplib05.c xvprintf]

Rafael Laboissiere rafael at debian.org
Fri Sep 14 18:50:23 UTC 2007


* Andrew Makhorin <mao at gnu.org> [2007-09-14 15:04]:

> > Even though _glp_lib_xprintf is not declared in glpk.h, it is available in
> > libglpk.so and malicious programs *_can_* be written that could exploit the
> > vulnerability.
>     
> I see no way to hide such internal routines from the linker.

I do not know either.  I am afraid the buffer overflow vulnerability is a
real problem in GLPK.

-- 
Rafael
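
The two points in this exchange, shown as an added example that is not part of the original message and is not GLPK source code: an internal formatting helper kept out of a shared object's dynamic symbol table with GCC/Clang hidden visibility, and formatting that is bounded by the destination size. All names (`LIB_INTERNAL`, `lib_vformat`, `lib_format`) are hypothetical, and the example assumes the overflow comes from formatting into a fixed-size buffer with no length limit.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not GLPK source code. */
#if defined(__GNUC__)
#define LIB_INTERNAL __attribute__((visibility("hidden")))
#else
#define LIB_INTERNAL
#endif

/* Internal helper: hidden visibility keeps it out of the shared object's
 * dynamic symbol table, while other files of the same library can still
 * call it. Formats into out[cap].
 * Returns 0 if the text fit, 1 if it was truncated, -1 on error. */
LIB_INTERNAL int lib_vformat(char *out, size_t cap, const char *fmt, va_list ap)
{
    int n;
    if (out == NULL || cap == 0 || fmt == NULL)
        return -1;
    n = vsnprintf(out, cap, fmt, ap);  /* writes at most cap bytes, NUL included */
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)n >= cap ? 1 : 0;   /* n is the length before truncation */
}

/* Public wrapper: the only symbol meant to be exported. */
int lib_format(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int rc;
    va_start(ap, fmt);
    rc = lib_vformat(out, cap, fmt, ap);
    va_end(ap);
    return rc;
}

int main(void)
{
    char buf[16];
    /* Constructed input that is longer than the destination buffer. */
    int rc = lib_format(buf, sizeof buf, "%s", "a message longer than the buffer");
    printf("rc=%d text=\"%s\"\n", rc, buf);
    return 0;
}
```

When this is built as a shared object with `-shared -fPIC`, `nm -D` on the result lists `lib_format` but not `lib_vformat`.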




