CVE-2017-7476: gnulib: Out-of-bounds write by setting a large TZ variable

Severity: Critical

CVSS Score: 9.8

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.