Impact
The vulnerability arises when an application calls a scanf-family function with the %mc conversion specifier and an explicit width larger than 1024. This causes a one-byte overflow of a heap buffer, which can overwrite adjacent heap objects. The resulting undefined behavior could allow an attacker to corrupt data, trigger a crash, or, with additional conditions, achieve remote code execution. The flaw is characterized as a classic heap buffer overflow (CWE-122).
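To audit code for the condition described above, the following added example (not from the advisory or from glibc) checks a scanf format string for a %mc conversion with an explicit width above 1024. The function name risky_mc_width and the sample format strings are constructed for illustration; directives carrying the * flag are reported too, as a conservative choice.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Width above which the advisory says a %mc conversion overflows. */
#define MC_WIDTH_LIMIT 1024UL

/* Hypothetical audit helper: scan a scanf-style format string and return
   the explicit width of the first "%<width>mc" directive whose width
   exceeds MC_WIDTH_LIMIT, or 0 when no such directive is present.
   Widths of ten or more digits are saturated rather than wrapped. */
unsigned long risky_mc_width(const char *fmt)
{
    const char *p = fmt;
    while (*p) {
        if (*p++ != '%')
            continue;
        if (*p == '%') { p++; continue; }            /* "%%" is a literal */
        while (*p == '*' || *p == '\'' || *p == 'I') /* flags; still audited */
            p++;
        unsigned long width = 0;
        for (; isdigit((unsigned char)*p); p++)
            if (width < 100000000UL)                 /* saturate, never wrap */
                width = width * 10 + (unsigned long)(*p - '0');
        if (p[0] == 'm' && p[1] == 'c' && width > MC_WIDTH_LIMIT)
            return width;
        while (*p && strchr("mhlLqjzt", *p))         /* m and length modifiers */
            p++;
        if (*p == '[') {                             /* scanset may hold '%' */
            p++;
            if (*p == '^') p++;
            if (*p == ']') p++;                      /* leading ']' is a member */
            while (*p && *p != ']') p++;
        }
        if (*p) p++;                                 /* conversion character */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample formats, not taken from any real code base. */
    const char *samples[] = { "%2048mc", "%1024mc", "%d %[%2000mc] %mc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %lu\n", samples[i], risky_mc_width(samples[i]));
    return 0;
}
```

A nonzero result marks a format string that needs review when the binary links against an affected glibc release.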
Affected Systems
Systems using the GNU C Library (glibc) versions 2.7 through 2.43 are affected, which covers most Linux distributions and any applications that link against these glibc releases. Users who run binaries built against these library versions are at risk, especially when those binaries process untrusted input with scanf and include a %mc specifier.
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating that no widespread exploit activity has been reported thus far. The CVSS score is not provided, so the severity is uncertain. However, because the overflow is off-by-one and limited to a single byte, the exploitation difficulty is moderate: the attacker must supply input that passes through a scanf call with a large width. The likely attack vector is a local or remote user passing specially crafted data to a vulnerable process, and the impact could be denial of service or, with sufficient control, privilege escalation or arbitrary code execution.