CVE-2012-2673: Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function i...

Description

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Metrics

EPSS Probability

2.77%

84.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-189

Affected Software

Vendor	Product	Versions	Update
Boehm-Demers-Weiser	Garbage Collector	<= 7.2	Alpha6
Boehm-Demers-Weiser	Garbage Collector	1.3	—
Boehm-Demers-Weiser	Garbage Collector	1.4	—
Boehm-Demers-Weiser	Garbage Collector	1.5	—
Boehm-Demers-Weiser	Garbage Collector	1.8	—
Boehm-Demers-Weiser	Garbage Collector	1.9	—
Boehm-Demers-Weiser	Garbage Collector	2.0	—
Boehm-Demers-Weiser	Garbage Collector	2.1	—
Boehm-Demers-Weiser	Garbage Collector	2.2	—
Boehm-Demers-Weiser	Garbage Collector	2.3	—
Boehm-Demers-Weiser	Garbage Collector	2.4	—
Boehm-Demers-Weiser	Garbage Collector	3.0	—
Boehm-Demers-Weiser	Garbage Collector	3.1	—
Boehm-Demers-Weiser	Garbage Collector	3.2	—
Boehm-Demers-Weiser	Garbage Collector	3.3	—
Boehm-Demers-Weiser	Garbage Collector	3.4	—
Boehm-Demers-Weiser	Garbage Collector	3.5	—
Boehm-Demers-Weiser	Garbage Collector	3.6	—
Boehm-Demers-Weiser	Garbage Collector	3.7	—
Boehm-Demers-Weiser	Garbage Collector	4.0	—
Boehm-Demers-Weiser	Garbage Collector	4.1	—
Boehm-Demers-Weiser	Garbage Collector	4.2	—
Boehm-Demers-Weiser	Garbage Collector	4.3	—
Boehm-Demers-Weiser	Garbage Collector	4.4	—
Boehm-Demers-Weiser	Garbage Collector	4.5	—
Boehm-Demers-Weiser	Garbage Collector	4.6	—
Boehm-Demers-Weiser	Garbage Collector	4.7	—
Boehm-Demers-Weiser	Garbage Collector	4.8	—
Boehm-Demers-Weiser	Garbage Collector	4.9	—
Boehm-Demers-Weiser	Garbage Collector	4.10	—
Boehm-Demers-Weiser	Garbage Collector	4.11	—
Boehm-Demers-Weiser	Garbage Collector	4.12	—
Boehm-Demers-Weiser	Garbage Collector	4.13	—
Boehm-Demers-Weiser	Garbage Collector	4.14	—
Boehm-Demers-Weiser	Garbage Collector	5.0	—
Boehm-Demers-Weiser	Garbage Collector	5.1	—
Boehm-Demers-Weiser	Garbage Collector	5.2	—
Boehm-Demers-Weiser	Garbage Collector	5.3	—
Boehm-Demers-Weiser	Garbage Collector	5.4	—
Boehm-Demers-Weiser	Garbage Collector	6.0	—
Boehm-Demers-Weiser	Garbage Collector	6.1	—
Boehm-Demers-Weiser	Garbage Collector	6.2	—
Boehm-Demers-Weiser	Garbage Collector	6.3	—
Boehm-Demers-Weiser	Garbage Collector	6.4	—
Boehm-Demers-Weiser	Garbage Collector	6.5	—
Boehm-Demers-Weiser	Garbage Collector	6.6	—
Boehm-Demers-Weiser	Garbage Collector	6.7	—
Boehm-Demers-Weiser	Garbage Collector	6.8	—
Boehm-Demers-Weiser	Garbage Collector	6.9	—
Boehm-Demers-Weiser	Garbage Collector	7.0	—

Showing 50 of 52 affected configurations. See NVD for the full list.

References

Timeline

Published: Jul 25, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-2673?

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

How severe is CVE-2012-2673?

Severity scoring for CVE-2012-2673 is pending analysis. The EPSS model estimates a 2.77% probability of exploitation in the next 30 days.

How do I fix CVE-2012-2673?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.