Published: 19/06/2017 Updated: 13/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote malicious users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu binutils 2.28

The ieee_archive_p function in bfd/ieeec in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 228, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file du ...

Source: sourcewareorg/bugzilla/show_bugcgi?id=21581 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer Please find attached the minimized file causing the issue ("Input") and the ASAN report log ("Output") Below is the reduced stacktrace with links to the corresponding source lines on a GitHub mirror The comman ...

CWE-119 https://sourceware.org/bugzilla/show_bug.cgi?id=21581 http://www.securityfocus.com/bid/99114 https://www.exploit-db.com/exploits/42200/https://nvd.nist.gov https://www.exploit-db.com/exploits/42200/https://access.redhat.com/security/cve/cve-2017-9747

CVE-2017-9747

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect