CVE-2018-19931

HIGH

GNU Binutils - Buffer Overflow

Title source: llm

Description

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

References (8)

[Patch] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5f60af5d24d181371d67534fa273dd221df20c07

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106144

[Third Party Advisory] https://security.gentoo.org/glsa/201908-01

[Patch, Third Party Advisory] https://security.netapp.com/advisory/ntap-20190221-0004/

[Issue Tracking, Patch, Third Party Advisory] https://sourceware.org/bugzilla/show_bug.cgi?id=23942

[Third Party Advisory] https://usn.ubuntu.com/4336-1/

Scores

CVSS v3 7.8

EPSS 0.0032

EPSS Percentile 54.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (3)

gnu/binutils < 2.31

netapp/vasa_provider

canonical/ubuntu_linux

Timeline

Published Dec 07, 2018

Tracked Since Feb 18, 2026