Fedora Account System
Red Hat Associate
Red Hat Customer
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21670 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04e15b4a9462cb1ae819e878a6009829aab8020b References:
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1469753] Created mingw-binutils tracking bugs for this issue: Affects: epel-all [bug 1469754]