Vulnerability Details CVE-2016-9558
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2016/11/19/6
- http://www.openwall.com/lists/oss-security/2016/11/23/3
- http://www.securityfocus.com/bid/94491
- https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/
- https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
- https://www.prevanders.net/dwarfbug.html
- http://www.openwall.com/lists/oss-security/2016/11/19/6
- http://www.openwall.com/lists/oss-security/2016/11/23/3
- http://www.securityfocus.com/bid/94491
- https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/
- https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
- https://www.prevanders.net/dwarfbug.html
Products affected by CVE-2016-9558
-
cpe:2.3:a:libdwarf_project:libdwarf:1999-12-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2000-06-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2000-07-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2001-05-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2001-06-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2001-08-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2002-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2002-10-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2002-11-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-04-06
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-10-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-10-06
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-12-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-01-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-01-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-02-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-03-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-05-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-10-11
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-10-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-10-27
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-11-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-02-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-03-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-05-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-07-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-07-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-08-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-10-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-10-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-11-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-11-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-12-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-02-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-27
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-04-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-04-19
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-04-21
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-06-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-06-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-09-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-11-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-12-06
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-02-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-02-20
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-02-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-04-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-05-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-05-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-07-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-07-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-07-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-09-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-10-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-10-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-12-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-12-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-01-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-02-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-02-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-04-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-06-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-06-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-08-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-09-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-10-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-10-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-11-19
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-12-31
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-02-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-02-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-02-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-03-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-03-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-05-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-06-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-07-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-07-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-10-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-11-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-12-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-12-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-02-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-02-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-03-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-04-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-06-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-08-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-09-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-01-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-06-05
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-06-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-06-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-09-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-10-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-10-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-12-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2012-04-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2012-11-27
-
cpe:2.3:a:libdwarf_project:libdwarf:2012-11-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-20
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-02-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-02-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-03-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-06-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-07-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-07-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-10-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-10-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-10-31
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-11-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-12-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-31
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-02-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-02-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-02-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-03-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-11
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-19
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-06-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-06-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-06-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-05
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-11
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-08-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-08-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-08-05
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-01-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-01-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-03-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-05-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-09-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-09-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-01-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-05-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-06-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-09-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-09-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-09-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-10-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-10-21