CVE-2019-9074 — Out-of-bounds Read in Binutils
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 24
Latest updateMay 13
Description
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages2 packages
Also affects: Ubuntu Linux 18.04
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-cf6f-gv74-vg73: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2022-05-13
CVEList▶
CVE-2019-9074: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-02-24
OSV▶
CVE-2019-9074: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2↗2019-02-24
📋Vendor Advisories
5Microsoft▶
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c when calle↗2019-02-12
Debian▶
CVE-2019-9074: binutils - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd)...↗2019