The following CVE has been published recently:
The issue is observed when:
- an old glibc (before 2.23) is in use, and
- a printf-family function is given a specific argument (an 80-bit long double with a non-canonical bit pattern)
Because the issue is limited to 32-bit environments, SPE version 7.8 and later are not impacted, as these are now 64-bit applications.
SPE versions earlier than 7.8 are not impacted either, as SPE does not take user input directly when calling printf functions.
However, this vulnerability applies to all applications, so it is recommended to apply vendor-provided patches if the user's environment has an impacted version of glibc.
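
An added example (not part of the original advisory or any vendor code): a shell check of the two conditions listed above, glibc older than 2.23 and a 32-bit application, for a given binary. The function names and the `getconf`-based version lookup are choices of this example, and it assumes `getconf` reports the same glibc version that the application loads.

```shell
#!/bin/sh
# Added example: checks the advisory's two conditions for one application binary.

# Print 32 or 64 from the ELF EI_CLASS byte (offset 4); fail if the file is not ELF.
elf_bits() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1
    class=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n')
    case "$class" in
        1) echo 32 ;;
        2) echo 64 ;;
        *) return 1 ;;
    esac
}

# Return 0 if version $1 is older than 2.23, 1 if not, 2 if it cannot be parsed.
glibc_before_2_23() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}        # tolerate suffixes such as "17-326"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 23 ]; }
}

# Classify one (glibc version, application bitness) pair.
assess() {
    rc=0
    glibc_before_2_23 "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "unknown: cannot parse glibc version '$1'"
    elif [ "$rc" -eq 1 ]; then echo "not-impacted: glibc $1 is 2.23 or later"
    elif [ "$2" = 32 ]; then echo "impacted: glibc $1 with a 32-bit application"
    else echo "not-impacted: $2-bit application"
    fi
}

# Usage: sh check.sh /path/to/application-binary
# Assumption: getconf reports the same glibc version the application loads.
if [ -n "${1:-}" ]; then
    bits=$(elf_bits "$1") || { echo "not an ELF file: $1" >&2; exit 2; }
    ver=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    assess "${ver:-unknown}" "$bits"
fi
```

On a multilib host, check the version of the 32-bit glibc package separately if it can differ from the one `getconf` reports.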