libdwarf allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component.

References:

DW201611-006
https://www.prevanders.net/dwarfbug.html

Upstream bug (currently private):

https://sourceforge.net/p/libdwarf/bugs/5/

Upstream patch:

https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
Created libdwarf tracking bugs for this issue:

Affects: fedora-all [bug 1399992]

Created libdwarf tracking bugs for this issue:

Affects: epel-6 [bug 1385693]