Red Hat Bugzilla – Bug 828839
CVE-2012-2676 hoard: malloc() and calloc() size overflows
Last modified: 2015-07-31 02:51:37 EDT
A security flaw was found in the way malloc() and calloc() routines implementation in Hoard, a fast, scalable, and memory-efficient allocator, performed validation of their arguments for overflows. If an application using Hoard memory allocator was missing application-level malloc() and calloc() routines arguments validity checks, a remote attacker could provide a specially-crafted application-specific input file, leading to that application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
Based on  there doesn't seem to be upstream patch yet.
Based on , this issue affects the v3.8 versions (thus also those, which are currently being shipped in Fedora release of 15, 16, and 17) of Hoard.
Please schedule an update for these hoard versions, once there is final upstream patch available.
Created hoard tracking bugs for this issue
Affects: fedora-all [bug 828841]
I have notified upstream myself, as soon as an update comes around I will provide it.
The CVE identifier of CVE-2012-2676 has been assigned to this issue:
(In reply to comment #3)
> I have notified upstream myself, as soon as an update comes around I will
> provide it.
Thanks, Ryan. Would you need a way how to reproduce this issue, contact Xi Wang (original issue reporter) 
Ok, will do. It seems there is a fix in the works. to be released soon.