The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=21577
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1469523]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1469522]