First published: Thu Oct 10 2019
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Binutils | =2.32 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
Canonical Ubuntu Linux | =18.04 | |
debian/binutils | 2.35.2-2 2.40-2 2.43.1-5 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
CVE-2019-17451 is an integer overflow vulnerability in the Binary File Descriptor (BFD) library, as distributed in GNU Binutils 2.32.
CVE-2019-17451 can lead to a SEGV (Segmentation Fault) in _bfd_dwarf2_find_nearest_line in dwarf2.c, resulting in a denial of service.
The affected software versions include Binutils 2.30-21ubuntu1~18.04.3 on Ubuntu 18.04.3, Binutils 2.26.1-1ubuntu1~16.04.8+ on Ubuntu 16.04.8+, and Binutils 2.31.1-16 on Debian.
To fix CVE-2019-17451, update to Binutils version 2.30-21ubuntu1~18.04.3 for Ubuntu 18.04.3, version 2.26.1-1ubuntu1~16.04.8+ for Ubuntu 16.04.8+, or version 2.31.1-16 for Debian.