CVE-2017-16831
published 2017-11-15CVE-2017-16831: coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | binutils | < binutils 2.29.90.20180122-1 (bookworm) | binutils 2.29.90.20180122-1 (bookworm) |
| gnu | binutils | — | — |
| gnu | binutils | >= 0 < 2.29.90.20180122-1 | 2.29.90.20180122-1 |
| gnu | binutils | >= 0 < 2.29.90.20180122-1 | 2.29.90.20180122-1 |
| gnu | binutils | >= 0 < 2.29.90.20180122-1 | 2.29.90.20180122-1 |
| gnu | binutils | >= 0 < 2.29.90.20180122-1 | 2.29.90.20180122-1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH