A use-after-free vulnerability was reported in libdwarf [1]. If dwarfdump is passed a corrupted ELF file, the 'Dwarf_Debug' object will be freed in 'dwarf_elf_object_access_finish', but then this object is referenced later in 'print_error':

--------------------------------
res = dwarf_object_init(binary_interface, errhand, errarg, ret_dbg, error);
if (res != DW_DLV_OK){
    dwarf_elf_object_access_finish(binary_interface);
}
--------------------------------
...
--------------------------
if (obj->object) {
    dwarf_elf_object_access_internals_t *internals =
        (dwarf_elf_object_access_internals_t *)obj->object;
--------------------------

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1177758
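Added example, not code from libdwarf or from this report: a small model of the error path above using constructed stand-in types (internals_t, iface_t) and function names (iface_new, iface_finish, object_init, report_error, open_and_report), showing the ordering that keeps the object live while the error is reported and leaves no dangling pointer behind once it is freed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the objects in the report; not libdwarf's own types. */
typedef struct { char name[32]; } internals_t;    /* ~ dwarf_elf_object_access_internals_t */
typedef struct { internals_t *object; } iface_t;  /* ~ binary_interface / obj */

static iface_t *iface_new(const char *name) {
    iface_t *a = calloc(1, sizeof *a);
    a->object = calloc(1, sizeof *a->object);
    strncpy(a->object->name, name, sizeof a->object->name - 1);
    return a;
}

/* Model of dwarf_elf_object_access_finish: releases the internals and the interface. */
static void iface_finish(iface_t *a) {
    if (!a) return;
    free(a->object);
    free(a);
}

/* Model of dwarf_object_init: fails on a corrupted input (0 = ok, -1 = error). */
static int object_init(iface_t *a, int corrupted) {
    (void)a;
    return corrupted ? -1 : 0;
}

/* Model of print_error: dereferences obj->object. Returns -1 when there is nothing to read. */
static int report_error(const iface_t *obj, char *out, size_t n) {
    if (!obj || !obj->object) return -1;
    snprintf(out, n, "error in %s", obj->object->name);
    return 0;
}

/* The reported sequence is: init fails -> finish frees the object -> print_error reads it.
 * Safe ordering: report while the object is still live, then free it and clear the
 * pointer so a later call fails closed instead of touching freed memory.
 * Returns 1 if an error was reported, 0 on success. */
int open_and_report(int corrupted, char *msg, size_t n) {
    iface_t *binary_interface = iface_new("sample.elf");  /* constructed sample input name */
    int reported = 0;
    msg[0] = '\0';
    if (object_init(binary_interface, corrupted) != 0) {
        /* binary_interface->object is still valid here */
        reported = (report_error(binary_interface, msg, n) == 0);
    }
    iface_finish(binary_interface);
    binary_interface = NULL;  /* no dangling reference left for a later print_error */
    return reported;
}
```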
MITRE assigned CVE-2014-9482 to this issue: http://seclists.org/oss-sec/2015/q1/20
It appears to me that the EPEL6 version - 20140413 - is vulnerable to this as well. I believe that upstream commit 9a2dfcfe020314672086e44bddd81c155cba2a6d is the primary fix for this, but it does not apply cleanly to 20140413. I don't want to update to the latest release due to apparent ABI incompatibilities - see http://upstream.rosalinux.ru/versions/libdwarf.html