Candidate: CVE-2017-12448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12448
https://sourceware.org/bugzilla/show_bug.cgi?id=21787
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor
(BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and
earlier, allows remote attackers to cause a heap use after free and
possibly achieve code execution via a crafted nested archive file. This
issue occurs because incorrect functions are called during an attempt to
release memory. The issue can be addressed by better input validation in
the bfd_generic_archive_p function in bfd/archive.c.
Discovered-by: Ned Williamson
patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a541116faa5716d5c1a4bc9d1567855902b89a87 (v2.29
upstream_binutils: released (2.29.1)
precise/esm_binutils: needed
trusty_binutils: needed
vivid/ubuntu-core_binutils: DNE
xenial_binutils: needed
zesty_binutils: ignored (reached end-of-life)
artful_binutils: not-affected (2.29.1-1ubuntu1)
bionic_binutils: not-affected (2.29.1-1ubuntu1)
devel_binutils: not-affected (2.29.1-1ubuntu1)