CVE-2014-8501

Priority
Medium
Description
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils
2.24 and earlier allows remote attackers to cause a denial of service
(out-of-bounds write) and possibly have other unspecified impact via a
crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
Notes
 sbeattie> binutils USN description:
  Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function
  in libbfd in GNU binutils allowed out-of-bounds writes. An
  attacker could use this to craft input that could cause a denial
  of service (application crash) or possibly execute arbitrary code.
Assigned-to
sbeattie
Package
Source: gdb (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): not-affected (7.99.90.20170502-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): released (7.7.1-0ubuntu5~14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.11.1-0ubuntu1~16.04)
Ubuntu 17.04 (Zesty Zapus): not-affected (7.12.50.20170314-0ubuntu1)
Package
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): not-affected (2.24.90.20141111-2ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): released (2.22-6ubuntu1.2)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.24-5ubuntu3.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.24.90.20141111-2ubuntu1)
Ubuntu 17.04 (Zesty Zapus): not-affected (2.24.90.20141111-2ubuntu1)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e

Updated: 2017-10-17 19:14:08 UTC (commit 13537)