CVE-2018-19931
HIGHGNU Binutils < 2.31 - Heap-Based Buffer Overflow in BFD Library via Program Header Count
Title source: llmDescription
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
References (8)
Core 8
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://sourceware.org/bugzilla/show_bug.cgi?id=23942
Patch x_refsource_misc
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=5f60af5d24d181371d67534fa273dd221df20c07
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190221-0004/
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106144
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201908-01
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4336-1/
Scores
CVSS v3
7.8
EPSS
0.0032
EPSS Percentile
55.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (3)
canonical/ubuntu_linux
18.04
gnu/binutils
< 2.31
netapp/vasa_provider
7.2
Published
Dec 07, 2018
Tracked Since
Feb 18, 2026