CVE-2017-12453

NameCVE-2017-12453
DescriptionThe _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
binutils (PTS)wheezy2.22-8+deb7u2vulnerable
wheezy (security)2.22-8+deb7u3vulnerable
jessie2.25-5+deb8u1vulnerable
stretch2.28-5vulnerable
buster2.29-4vulnerable
sid2.29-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
binutilssource(unstable)(unfixed)medium

Notes

[stretch] - binutils <no-dsa> (Minor issue)
[jessie] - binutils <no-dsa> (Minor issue)
[wheezy] - binutils <no-dsa> (Minor issue)
https://sourceware.org/bugzilla/show_bug.cgi?id=21813
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51

Search for package or bug name: Reporting problems