CVE-2018-17942

The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt