Published: 01/05/2017 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu binutils 2.28

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 228, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library ...

directed_fuzzing mjs mjs_mk_string base: 0x1320 target function add, name : 0x1b103,mjs_mk_string CVE-2016-9827(listswf) _iprintf function in outputtxtc base: 0x2240 target function add, name : 0x236d,_iprintf CVE-2017-7578(swftophp) parseSWF_RGBA in parserc base: 0x2250 target function add, name : 0x115c7,parseSWF_RGBA objdump-CVE-2017-8392 _bfd_dwarf2_find_nearest_line bas

CWE-476 https://sourceware.org/bugzilla/show_bug.cgi?id=21409 https://security.gentoo.org/glsa/201709-02 https://nvd.nist.gov https://github.com/choi0316/directed_fuzzing https://access.redhat.com/security/cve/cve-2017-8392

CVE-2017-8392

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect