CVE-2017-12453

HIGH

GNU Binutils < 2.29 - Out-of-Bounds Read

Title source: rule

Description

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out-of-bounds heap read via a crafted VMS Alpha file.

Scores

CVSS v3: 7.8
EPSS: 0.0035
EPSS Percentile: 57.0%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE: CWE-125
Status: draft

Affected Products (1)

gnu/binutils < 2.29

Timeline

Published: Aug 04, 2017
Tracked Since: Feb 18, 2026