CVE-2017-7226

Priority
Medium
Description
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library
(aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a
heap-based buffer over-read of size 4049 because it uses the strlen
function instead of strnlen, leading to program crashes in several
utilities such as addr2line, size, and strings. It could lead to
information disclosure as well.
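
The strlen-versus-bounded-length difference named in the description, as an added example (not code from Binutils or from this advisory). It assumes a hypothetical record of two consecutive NUL-terminated names inside a payload of known size; all function names and sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct names { const char *symbol; const char *dll; };

/* Same result as POSIX strnlen(s, max); written with memchr so it
   builds as strict ISO C. */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, 0, max);
    return nul ? (size_t)(nul - s) : max;
}

/* Unbounded pattern: offset of the second name, trusting that the
   first one is terminated somewhere. */
static size_t dll_offset_unbounded(const char *payload)
{
    return strlen(payload) + 1;
}

/* Bounded split: 0 on success, -1 if either name lacks a NUL inside
   the `size` bytes that were actually read from the file. */
static int split_names(const char *payload, size_t size, struct names *out)
{
    size_t sym_len = bounded_len(payload, size);
    if (sym_len == size)
        return -1;
    const char *dll = payload + sym_len + 1;
    size_t rest = size - sym_len - 1;
    if (bounded_len(dll, rest) == rest)
        return -1;
    out->symbol = payload;
    out->dll = dll;
    return 0;
}

/* Constructed samples. bad_arena models an 8-byte payload with no NUL,
   followed by unrelated neighbouring bytes in the same allocation. */
static const char bad_arena[24] = "AAAAAAAA" "neighbour-data";
static const char good[12] = "sym\0lib.dll";

int main(void)
{
    struct names n;
    printf("unbounded offset: %zu (payload is 8 bytes)\n",
           dll_offset_unbounded(bad_arena));
    printf("bounded, bad:  %d\n", split_names(bad_arena, 8, &n));
    printf("bounded, good: %d\n", split_names(good, 12, &n));
    return 0;
}
```

The unbounded call walks past the 8-byte payload into the neighbouring bytes, which is the over-read; the bounded split rejects the same input instead of reading on.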
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 17.04 (Zesty Zapus): ignored (reached end-of-life)
Ubuntu 17.10 (Artful Aardvark): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed

Updated: 2018-01-15 13:29:26 UTC (commit 14005)