Candidate: CVE-2017-9055
PublicDate: 2017-05-18 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9055
 https://www.prevanders.net/dwarfbug.html#DW201703-001
 https://www.prevanders.net/dwarfbug.html
Description:
 An issue, also known as DW201703-001, was discovered in libdwarf
 2017-03-21. In dwarf_formsdata() a few data types were not checked for
 being in bounds, leading to a heap-based buffer over-read.
Ubuntu-Description:
Notes:
 seth-arnold> fix cc37d6917011733d776ae228af4e5d6abe9613c1
Bugs:
Priority: medium
Discovered-by: Marcel Bohme and Van-Thuan Pham
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_dwarfutils:
upstream_dwarfutils: released (20170416-2)
precise/esm_dwarfutils: DNE
trusty_dwarfutils: ignored (reached end-of-life)
trusty/esm_dwarfutils: DNE (trusty was needed)
vivid/stable-phone-overlay_dwarfutils: DNE
vivid/ubuntu-core_dwarfutils: DNE
xenial_dwarfutils: ignored (end of standard support, was needed)
yakkety_dwarfutils: ignored (reached end-of-life)
zesty_dwarfutils: ignored (reached end-of-life)
artful_dwarfutils: ignored (reached end-of-life)
bionic_dwarfutils: not-affected (20180129-1)
cosmic_dwarfutils: not-affected (20180129-1)
disco_dwarfutils: not-affected (20180129-1)
eoan_dwarfutils: not-affected (20180129-1)
focal_dwarfutils: not-affected (20180129-1)
groovy_dwarfutils: not-affected (20180129-1)
hirsute_dwarfutils: not-affected (20180129-1)
impish_dwarfutils: not-affected (20180129-1)
jammy_dwarfutils: not-affected (20180129-1)
devel_dwarfutils: not-affected (20180129-1)