The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21577
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1469523] Created mingw-binutils tracking bugs for this issue: Affects: epel-all [bug 1469522]