The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Details
- CVSS 3.1 Base Score: 7.8
- CVSS 3.0 Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Amazon Linux Ami 2 | amazon-linux-ami-2-upgrade-binutilsamazon-linux-ami-2-upgrade-binutils-debuginfoamazon-linux-ami-2-upgrade-binutils-devel | Apr 27, 2020 | Jan 26, 2018 | |
| Debian | debian-upgrade-binutils | Jul 30, 2024 | Jan 26, 2018 | |
| Huawei Euleros 2_0_sp1 | huawei-euleros-2_0_sp1-upgrade-binutilshuawei-euleros-2_0_sp1-upgrade-binutils-devel | Mar 16, 2018 | Jan 26, 2018 | |
| Huawei Euleros 2_0_sp2 | huawei-euleros-2_0_sp2-upgrade-binutilshuawei-euleros-2_0_sp2-upgrade-binutils-devel | Mar 16, 2018 | Jan 26, 2018 | |
| Huawei Euleros 2_0_sp3 | huawei-euleros-2_0_sp3-upgrade-binutilshuawei-euleros-2_0_sp3-upgrade-binutils-devel | Dec 18, 2019 | Jan 26, 2018 | |
| Huawei Euleros 2_0_sp5 | huawei-euleros-2_0_sp5-upgrade-binutilshuawei-euleros-2_0_sp5-upgrade-binutils-devel | Aug 16, 2019 | Jan 26, 2018 | |
| Redhat_linux | no-fix-redhat-rpm-package | Jul 9, 2025 | Jan 26, 2018 | |
| Suse | — | suse-upgrade-binutilssuse-upgrade-binutils-develsuse-upgrade-binutils-devel-32bitsuse-upgrade-binutils-goldsuse-upgrade-cross-aarch64-binutilssuse-upgrade-cross-arm-binutilssuse-upgrade-cross-avr-binutilssuse-upgrade-cross-epiphany-binutilssuse-upgrade-cross-hppa-binutilssuse-upgrade-cross-hppa64-binutilssuse-upgrade-cross-i386-binutilssuse-upgrade-cross-ia64-binutilssuse-upgrade-cross-m68k-binutilssuse-upgrade-cross-mips-binutilssuse-upgrade-cross-ppc-binutilssuse-upgrade-cross-ppc64-binutilssuse-upgrade-cross-ppc64le-binutilssuse-upgrade-cross-riscv64-binutilssuse-upgrade-cross-rx-binutilssuse-upgrade-cross-s390-binutilssuse-upgrade-cross-s390x-binutilssuse-upgrade-cross-sparc-binutilssuse-upgrade-cross-sparc64-binutilssuse-upgrade-cross-spu-binutilssuse-upgrade-libctf-nobfd0suse-upgrade-libctf0 | Oct 18, 2018 | Jan 26, 2018 |
| Ubuntu | ubuntu-pro-upgrade-binutilsubuntu-pro-upgrade-binutils-multiarch | Jul 22, 2021 | Jan 26, 2018 | |
| Vmware Photon_os | vmware-photon_os_update_tdnf | Jan 20, 2025 | Jan 26, 2018 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub