CVE-2016-9480Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libdwarf

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow9 documents7 sources
Severity
9.1CRITICALNVD
EPSS
0.4%
top 36.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libdwarf Project Libdwarf
Timeline
PublishedNov 29
Latest updateMay 17

Description

libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

Patches

Patch: sourceforge.netPatch: sourceforge.net

🔴Vulnerability Details

3
GHSA
GHSA-28qr-hqrv-mhvr: libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file2022-05-17
OSV
CVE-2016-9480: libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file2016-11-29
CVEList
CVE-2016-9480: libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file2016-11-29

📋Vendor Advisories

2
Red Hat
libdwarf: Heap buffer overflow in dwarf_util.c2016-11-16
Debian
CVE-2016-9480: dwarfutils - libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive infor...2016

💬Community

3
Bugzilla
CVE-2016-9480 libdwarf: Heap buffer overflow in dwarf_util.c2016-11-30
Bugzilla
CVE-2016-9275 CVE-2016-9276 CVE-2016-9480 CVE-2016-9558 libdwarf: various flaws [fedora-all]2016-11-30
Bugzilla
CVE-2016-8679 CVE-2016-8680 CVE-2016-8681 CVE-2016-9480 libdwarf: various flaws [epel-6]2016-10-17
CVE-2016-9480 — Libdwarf Project Libdwarf vulnerability | cvebase