An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.
A flaw was found in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils up to version 2.30, when compiled in 32-bit mode. This vulnerability allows attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupted dwarf1 debug information.
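The bug class named above (a bounds check that wraps in 32-bit arithmetic), shown as an added illustration; this is not binutils code and is not taken from this report. The `addr32` model, the function names and the 4-byte length-prefixed record layout are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: addresses are uint32_t, so the arithmetic wraps as it
   would in a 32-bit build no matter what host compiles this. */
typedef uint32_t addr32;

/* Wraparound-prone check: cur + len is reduced mod 2^32 and can land
   below end, so an oversized length is accepted. */
int fits_unsafe(addr32 cur, addr32 end, uint32_t len)
{
    return (addr32)(cur + len) <= end;
}

/* Hardened check: compare len with the bytes that remain; nothing is added. */
int fits_safe(addr32 cur, addr32 end, uint32_t len)
{
    return cur <= end && len <= end - cur;
}

/* Count length-prefixed records (assumed layout: 4-byte little-endian length
   that includes the prefix). Returns -1 when a length is corrupt. */
int count_records(const uint8_t *buf, size_t size)
{
    size_t off = 0;
    int n = 0;
    while (size - off >= 4) {
        const uint8_t *p = buf + off;
        uint32_t len = (uint32_t)p[0] | (uint32_t)p[1] << 8
                     | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        if (len < 4 || len > size - off)   /* subtraction form, cannot wrap */
            return -1;
        off += len;
        n++;
    }
    return off == size ? n : -1;
}

int main(void)
{
    /* Constructed input: one valid 8-byte record, then a corrupt length. */
    const uint8_t bad[] = { 8,0,0,0, 1,2,3,4, 0xF0,0xFF,0xFF,0xFF };
    printf("unsafe=%d safe=%d records=%d\n",
           fits_unsafe(0xFFFFF000u, 0xFFFFF100u, 0xFFFFFFF0u),
           fits_safe(0xFFFFF000u, 0xFFFFF100u, 0xFFFFFFF0u),
           count_records(bad, sizeof bad));
    return 0;
}
```

The same length value passes the addition-based check and is rejected by the subtraction-based one, which is why the check only misbehaves when pointers are 32 bits wide.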
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1551772]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1551774]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032