CVE-2017-12450

HIGH

GNU Binutils < 2.29 - Out-of-Bounds Write

Title source: rule

Description

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

References (1)

[Issue Tracking, Patch, Third Party Advisory] https://sourceware.org/bugzilla/show_bug.cgi?id=21813

Scores

CVSS v3 7.8

EPSS 0.0054

EPSS Percentile 67.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status draft

Affected Products (1)

gnu/binutils < 2.29

Timeline

Published Aug 04, 2017

Tracked Since Feb 18, 2026