{"id":"CVE-2024-2961","details":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.","modified":"2026-04-16T04:33:46.409040637Z","published":"2024-04-17T18:15:15.833Z","related":["ALSA-2024:2722","ALSA-2024:3269","ALSA-2024:3339","CGA-29xf-w7w7-wx8c","SUSE-SU-2024:1375-1","SUSE-SU-2024:1675-1","SUSE-SU-2024:1728-1","SUSE-SU-2024:1805-1","SUSE-SU-2024:1977-1","SUSE-SU-2025:20038-1","openSUSE-SU-2024:13877-1","openSUSE-SU-2025:0081-1","openSUSE-SU-2025:14688-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/18/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/24/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/05/27/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/05/27/6"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/05/27/3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/07/22/5"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/04/17/9"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/05/27/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/05/27/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/05/27/4"},{"type":"ADVISORY","url":"https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240531-0002/"},{"type":"ARTICLE","url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p1"},{"type":"ARTICLE","url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p2"},{"type":"ARTICLE","url":"https://www.ambionics.io/blog/iconv-cve-2024-2961-p3"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2961.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}]}