An out of bounds heap read vulnerability was found in _dwarf_get_abbrev_for_code triggered by invoking dwarfdump command on crafted file. Upstream patch: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2 CVE assignment: http://seclists.org/oss-sec/2016/q4/145
Created libdwarf tracking bugs for this issue: Affects: fedora-all [bug 1385692] Affects: epel-6 [bug 1385693]