CVE-2019-7664

Priority
Description
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in
libelf/note_xlate.h because of an incorrect overflow check. Crafted elf
input causes a segmentation fault, leading to denial of service (program
crash).
Assigned-to
mdeslaur
Notes
Package
Upstream:released (0.176-1)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.165-3ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.170-0.4)
Ubuntu 19.10 (Eoan Ermine):not-affected (0.176-1.1)
Ubuntu 20.04 (Focal Fossa):not-affected (0.176-1.1)
Patches:
Upstream:https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
More Information

Updated: 2020-03-18 21:42:42 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)