CVE-2017-8396

Priority
Description
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in
GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the
existing reloc offset range tests didn't catch small negative offsets less
than the size of the reloc field. This vulnerability causes programs that
conduct an analysis of binary programs using the libbfd library, such as
objdump, to crash.
Notes
Package
Upstream: released (2.28-5)
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (2.30-21ubuntu1~18.04.1)
Ubuntu 19.04 (Disco Dingo): not-affected (2.32-7ubuntu4)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.32-8ubuntu1)
Ubuntu 20.04 (Focal Fossa): not-affected (2.32-8ubuntu1)
Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab

Updated: 2019-12-05 19:50:07 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)