{"id":"MGASA-2023-0077","summary":"Updated pkgconf packages fix security vulnerability","details":"In pkgconf through 1.9.3, variable duplication can cause unbounded string\nexpansion due to incorrect checks in\nlibpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing\na few hundred bytes can expand to one billion bytes. (CVE-2023-24056)\n","modified":"2026-04-16T04:41:47.222925215Z","published":"2023-03-01T21:14:31Z","upstream":["CVE-2023-24056"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0077.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31536"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZWDULBZHRPQHGUXNQ3HNNHRJ3YXPJ7QH/"}],"affected":[{"package":{"name":"pkgconf","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/pkgconf?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.3-2.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0077.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}