CVE-2017-12459

HIGH

GNU Binutils < 2.29 - Out-of-Bounds Write

Title source: rule

Description

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out-of-bounds heap write and possibly achieve code execution via a crafted Mach-O file.

Scores

CVSS v3 7.8
EPSS 0.0054
EPSS Percentile 67.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-787
Status draft

Affected Products (1)

gnu/binutils < 2.29

Timeline

Published Aug 04, 2017
Tracked Since Feb 18, 2026