Buffer overflow in Editorconfig Editorconfig-core-c

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (5.1th percentile)

Affected products

Weakness classification (CWE)

References