
Fix potential vulnerable cloned function

Open npt-1707 opened this issue 7 months ago • 0 comments

Dear Development team,

I identified another vulnerability in a cloned function, convert_to_decimal(), in extern/hunspell/intl/vasnprintf.c, sourced from coreutils/gnulib. These issues, originally reported in CVE-2018-17942, were resolved in the gnulib repository via this commit: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35

This PR applies the corresponding patch to fix the potential heap memory overrun in this codebase.

Please review at your convenience. Thank you for your time and attention!

npt-1707 • May 02 '25 17:05