The Binary File Descriptor (BFD) library (aka libbfd) is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.
Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=20922