Candidate: CVE-2017-7303
PublicDate: 2017-03-29 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303
 https://sourceware.org/bugzilla/show_bug.cgi?id=20922
 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a55c9876bb111fd301b4762cf501de0040b8f9db
Description:
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
 GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of
 missing a check (in the find_link function) for null headers before
 attempting to match them. This vulnerability causes Binutils utilities like
 strip to crash.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Marcel Böhme
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_binutils:
upstream_binutils: released (2.27.51.20161212-1)
precise_binutils: not-affected
precise/esm_binutils: not-affected
trusty_binutils: not-affected
trusty/esm_binutils: not-affected
vivid/stable-phone-overlay_binutils: DNE
vivid/ubuntu-core_binutils: DNE
xenial_binutils: not-affected
esm-infra/xenial_binutils: not-affected
yakkety_binutils: ignored (reached end-of-life)
zesty_binutils: not-affected (2.28-1ubuntu1)
devel_binutils: not-affected (2.28-1ubuntu1)