CVE-2017-7226

Priority
Medium
Description
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library
(aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a
heap-based buffer over-read of size 4049 because it uses the strlen
function instead of strnlen, leading to program crashes in several
utilities such as addr2line, size, and strings. It could lead to
information disclosure as well.
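
The strlen-versus-strnlen pattern the description names, shown as an added example that is not libbfd's code: an unbounded parse beside a bounded one that rejects input with no terminator inside the buffer. The record layout (two NUL-terminated names packed back to back), the struct, and the function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: two NUL-terminated names packed back to back
   in an untrusted buffer of `size` bytes. */
struct names { const char *first, *second; };

/* Over-read pattern: strlen() scans until it meets a NUL, so an
   unterminated input makes it read past the end of the allocation. */
int parse_unsafe(const unsigned char *buf, size_t size, struct names *out)
{
    (void) size;                               /* length never consulted */
    out->first  = (const char *) buf;
    out->second = out->first + strlen(out->first) + 1;
    return 0;
}

/* Bounded form: strnlen() stops at the limit; a result equal to the limit
   means no terminator was found inside the buffer, so reject the input. */
int parse_bounded(const unsigned char *buf, size_t size, struct names *out)
{
    const char *p = (const char *) buf;
    size_t n1 = strnlen(p, size);
    if (n1 == size)
        return -1;
    const char *q = p + n1 + 1;
    size_t rest = size - (n1 + 1);
    size_t n2 = strnlen(q, rest);              /* rest == 0 reads nothing */
    if (n2 == rest)
        return -1;
    out->first = p;
    out->second = q;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one missing its terminator. */
    static const unsigned char ok[]  = "sym\0lib.dll";
    static const unsigned char bad[] = { 's', 'y', 'm', 0, 'l', 'i', 'b' };
    struct names n;
    printf("ok:  %d\n", parse_bounded(ok, sizeof ok, &n));
    printf("bad: %d\n", parse_bounded(bad, sizeof bad, &n));
    return 0;
}
```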
Package
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): needed
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): needed
Updated: 2017-08-11 23:26:21 UTC (commit 13081)