CVE-2017-16832

HIGH

GNU Binutils 2.29.1 - DoS

Description

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

Scores

CVSS v3 7.8
EPSS 0.0034
EPSS Percentile 56.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-190
Status draft

Affected Products (1)

gnu/binutils

Timeline

Published Nov 15, 2017
Tracked Since Feb 18, 2026