Vulnerability Details CVE-2017-14129
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/100624
- https://security.gentoo.org/glsa/201801-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=22047
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
- http://www.securityfocus.com/bid/100624
- https://security.gentoo.org/glsa/201801-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=22047
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=e4f2723003859dc6b33ca0dadbc4a7659ebf1643