The vulnerability occurs when an application invokes a scanf family function with the %mc conversion specifier and specifies an explicit width greater than 1024. This causes an off‑by‑one write on a heap buffer and can corrupt adjacent memory. The resulting memory corruption falls under CWE‑122, CWE‑131, and CWE‑787, and may lead to program crash, data integrity loss, or, if an attacker can influence subsequent execution, remote code execution.

All systems that link against the GNU C Library between versions 2.7 and 2.43 are affected. This includes most Linux distributions, as well as applications compiled against these glibc releases. Users running binaries that compile with the unmodified library and that process external input via scanf with the %mc specifier are at risk.

The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of widespread exploitation at present. The CVSS score of 9.8 reflects a high severity due to the potential for arbitrary memory overwrite on the heap. Based on the description, the likely attack vector is an attacker supplying crafted input that is handled by scanf with a large width, which may be local or remote depending on the application. Exploitation requires reaching the vulnerable scanf call, but because the overflow is only one byte, the difficulty is moderate; an attacker must control the input boundary to influence neighboring heap objects or trigger a crash. If an application can be coerced to execute arbitrary code after the heap corruption, privilege escalation or remote code execution may be achieved.