CVE-2016-8680

NameCVE-2016-8680
DescriptionThe _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs840960

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dwarfutils (PTS)jessie20120410-2+deb8u1vulnerable
stretch20161124-1+deb9u1fixed
buster, sid20180809-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dwarfutilssource(unstable)20161001-2medium840960

Notes

[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
http://www.openwall.com/lists/oss-security/2016/10/08/12
https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2

Search for package or bug name: Reporting problems