CVE-2017-16832
GNU Binutils - Denial of Service via Crafted PE File in BFD Library
Severity
HIGH
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the size and offset values of the debug entry in the PE optional header's data directory, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
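Added example, not BFD's code and not taken from the linked patch: a stand-alone C sketch of the bounds discipline the description says is missing. It checks the debug data-directory entry's RVA and size against the owning section and the file length in 64-bit arithmetic before reading the IMAGE_DEBUG_DIRECTORY entries, then applies the same check to the entry's own file pointer before pulling the CodeView GUID that serves as the build-id. The pe_section struct, build_image() and the embedded image bytes are constructed assumptions for illustration; only the 28-byte IMAGE_DEBUG_DIRECTORY layout and the "RSDS" PDB70 record format are real PE facts.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Stand-in for a PE section header (assumed minimal layout, not BFD's asection). */
struct pe_section {
    uint32_t vma;       /* VirtualAddress */
    uint32_t vsize;     /* VirtualSize */
    uint32_t raw_off;   /* PointerToRawData */
    uint32_t raw_size;  /* SizeOfRawData */
};

#define DEBUG_DIR_ENTRY_SIZE 28u      /* sizeof IMAGE_DEBUG_DIRECTORY */
#define IMAGE_DEBUG_TYPE_CODEVIEW 2u

static uint32_t get32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Section whose virtual range contains rva, or NULL. */
static const struct pe_section *find_section(const struct pe_section *secs, size_t n, uint32_t rva) {
    for (size_t i = 0; i < n; i++)
        if (rva >= secs[i].vma && rva - secs[i].vma < secs[i].vsize)
            return &secs[i];
    return NULL;
}

/* Validate the debug data-directory entry (rva, size) against the section table
 * and the file size.  Returns the file offset of the debug directory, or -1.
 * All arithmetic is 64-bit so a crafted size cannot wrap (CWE-190). */
long debug_dir_offset(size_t image_len, const struct pe_section *secs, size_t nsecs,
                      uint32_t rva, uint32_t size)
{
    const struct pe_section *s;
    uint64_t start, end;
    if (size == 0 || size % DEBUG_DIR_ENTRY_SIZE != 0) return -1;
    if ((s = find_section(secs, nsecs, rva)) == NULL) return -1;
    start = (uint64_t)rva - s->vma;
    end = start + size;
    if (end > s->raw_size) return -1;                         /* fits in section data */
    if ((uint64_t)s->raw_off + end > image_len) return -1;    /* and inside the file */
    return (long)(s->raw_off + start);
}

/* Copy the 16-byte PDB70 GUID of the first CodeView entry into out.
 * Returns 1 on success, 0 if the directory or the record is out of bounds. */
int read_build_id(const uint8_t *image, size_t image_len,
                  const struct pe_section *secs, size_t nsecs,
                  uint32_t rva, uint32_t size, uint8_t out[16])
{
    long off = debug_dir_offset(image_len, secs, nsecs, rva, size);
    if (off < 0) return 0;
    for (uint32_t i = 0; i < size; i += DEBUG_DIR_ENTRY_SIZE) {
        const uint8_t *e = image + off + i;
        uint32_t type  = get32(e + 12);   /* Type */
        uint32_t dsize = get32(e + 16);   /* SizeOfData */
        uint32_t dptr  = get32(e + 24);   /* PointerToRawData */
        if (type != IMAGE_DEBUG_TYPE_CODEVIEW) continue;
        /* The entry's own file pointer gets the same check: "RSDS" + GUID = 20 bytes minimum. */
        if (dsize < 20 || (uint64_t)dptr + dsize > image_len) return 0;
        if (memcmp(image + dptr, "RSDS", 4) != 0) return 0;
        memcpy(out, image + dptr + 4, 16);
        return 1;
    }
    return 0;
}

#define IMG_LEN 0x100
#define SEC_VMA 0x1000u
#define SEC_RAW 0x40u

/* Constructed input: one section at file offset 0x40 holding a single CodeView
 * debug entry whose record ("RSDS", GUID A0..AF, age 1) sits at file offset 0x80. */
size_t build_image(uint8_t *buf, size_t cap)
{
    if (cap < IMG_LEN) return 0;
    memset(buf, 0, IMG_LEN);
    put32(buf + SEC_RAW + 12, IMAGE_DEBUG_TYPE_CODEVIEW);
    put32(buf + SEC_RAW + 16, 24);               /* SizeOfData */
    put32(buf + SEC_RAW + 20, SEC_VMA + 0x40);   /* AddressOfRawData */
    put32(buf + SEC_RAW + 24, 0x80);             /* PointerToRawData */
    memcpy(buf + 0x80, "RSDS", 4);
    for (int i = 0; i < 16; i++) buf[0x84 + i] = (uint8_t)(0xA0 + i);
    put32(buf + 0x94, 1);                        /* age */
    return IMG_LEN;
}

int main(void)
{
    uint8_t img[IMG_LEN], id[16];
    struct pe_section secs[1] = {{ SEC_VMA, 0xC0, SEC_RAW, 0xC0 }};
    size_t len = build_image(img, sizeof img);

    if (read_build_id(img, len, secs, 1, SEC_VMA, DEBUG_DIR_ENTRY_SIZE, id)) {
        printf("build-id: ");
        for (int i = 0; i < 16; i++) printf("%02x", id[i]);
        printf("\n");
    }
    /* A size that wraps 32-bit arithmetic is rejected instead of being read past the buffer. */
    printf("crafted size 0xFFFFFFFC -> %ld\n",
           debug_dir_offset(len, secs, 1, SEC_VMA + 16, 0xFFFFFFFCu));
    return 0;
}
```

The two rejections worth keeping in mind when reviewing any PE reader: a size that is individually plausible but whose sum with the RVA exceeds the section, and a size chosen so that `rva + size` wraps in 32 bits and lands back inside the section. Both pass a naive `addr < section_end` test; widening to 64 bits before adding, and comparing the end rather than the start, closes both.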
References (3)
Exploit, Issue Tracking, Patch (vendor confirmation)
https://sourceware.org/bugzilla/show_bug.cgi?id=22373
Third Party Advisory (Gentoo vendor advisory)
https://security.gentoo.org/glsa/201811-17
Patch (vendor confirmation, upstream commit)
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=0bb6961f18b8e832d88b490d421ca56cea16c45b
Scores
CVSS v3 base score
7.8 (High)
CVSS v3 vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
EPSS
0.0034 (percentile 56.5%)
The vector scores this as local with user interaction required (AV:L, UI:R): the attacker only supplies the crafted PE, and a user or an automated pipeline has to run a libbfd-based tool such as objdump or nm on it. That is also what "remote attackers" means in the description. The High confidentiality and integrity ratings reflect the unconfirmed "unspecified other impact"; the demonstrated outcome is a crash, which on its own is an availability impact.
Details
CWE
CWE-190 (Integer Overflow or Wraparound)
Status
published
Products (1)
gnu/binutils
2.29.1
Published
Nov 15, 2017
Tracked Since
Feb 18, 2026