Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1664713]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1664715]
Affects: fedora-all [bug 1664714]
Comment 2Riccardo Schirone
2019-01-15 08:58:31 UTC
When binutils is compiled in 32bit mode, an integer overflow is possible in load_specific_debug_section function() in objdump.c which may lead to an heap-based buffer overflow in bfd_get_full_section_contents().
Comment 6Riccardo Schirone
2019-01-23 08:54:19 UTC
Statement:
This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code. Moreover the flaw can only be triggered on 32bit versions of the component.