CVE-2014-0172
Published: 11 April 2014
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
Priority
Status
Package | Release | Status |
---|---|---|
elfutils | lucid | Not vulnerable (code not present) |
elfutils | precise | Not vulnerable (code not present) |
elfutils | quantal | Released (0.153-1ubuntu1.1) |
elfutils | saucy | Released (0.157-1ubuntu1.1) |
elfutils | trusty | Released (0.158-0ubuntu5.1) |
elfutils | upstream | Needs triage |
Patches: upstream: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=7f1eec317db79627b473c5b149a22a1b20d1f68f