CVE-2019-7664

Priority
Description
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in
libelf/note_xlate.h because of an incorrect overflow check. Crafted elf
input causes a segmentation fault, leading to denial of service (program
crash).
Assigned-to
mdeslaur
Notes
Package
Upstream:released (0.176-1)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.165-3ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.170-0.4)
Ubuntu 19.04 (Disco Dingo):not-affected (0.176-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (0.176-1.1)
Ubuntu 20.04 (Focal Fossa):not-affected (0.176-1.1)
Patches:
Upstream:https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
More Information

Updated: 2019-12-05 20:09:30 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)