From ${URL} : When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character "0xffff" is specified, then iconv() segfaults. Version-Release number of selected component (if applicable): glibc-2.5-81.el5_8.2 How reproducible: Always Steps to Reproduce: Run the following command: echo '0x0e 0x43 0x8c 0xff 0xff 0x43 0xbd 0x43 0xbd' | xxd -r | iconv -f IBM930 -t UTF-8 Actual results: Segfault Expected results: サiconv: illegal input sequence at position 3 @maintainer(s): since the fixed version is already stable, please remove the affected versions from the tree.
New GLSA request filed
Maintainer(s), please drop the vulnerable version(s).
Florian Weimer 2014-08-29 09:59:27 UTC Fixed in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5, which went into glibc 2.16.
This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
