A vulnerability in the posix_memalign function in the GNU glibc library could allow a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to an integer overflow condition in the posix_memalign function, which is used by the memalign functions of the affected software. These functions could trigger heap corruption by returning a pointer to a heap area that is too small. An attacker could exploit the vulnerability by accessing the system and executing an application that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code or cause a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
GNU.org has confirmed the vulnerability and released a software patch.