CVE-2016-8680

MEDIUM

libdwarf <20161001 - DoS

Title source: llm

Description

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.

References (5)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/10/16/4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93595

[Exploit, Patch, Third Party Advisory, VDB Entry] https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/

[Issue Tracking, Patch, Third Party Advisory, VDB Entry] https://bugzilla.redhat.com/show_bug.cgi?id=1385686

[Patch, Vendor Advisory] https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2

Scores

CVSS v3 6.5

EPSS 0.0077

EPSS Percentile 73.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-125

Status published

Affected Products (2)

libdwarf_project/libdwarf < 2016-10-01

n/a/n/a

Timeline

Published Feb 15, 2017

Tracked Since Feb 18, 2026