The Binary File Descriptor (BFD) library (aka libbfd) has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.
Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=20908