CVE-2017-12453

HIGH

GNU Binutils < 2.29 - Out-of-bounds Read in BFD Library via Crafted VMS Alpha File

Title source: llm
STIX 2.1

Description

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

References (1)

Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=21813

Scores

CVSS v3 7.8
EPSS 0.0149
EPSS Percentile 71.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (1)
gnu/binutils < 2.29
Published Aug 04, 2017
Tracked Since Feb 18, 2026