Red Hat Bugzilla – Bug 159892
CAN-2005-1704 Integer overflow in the Binary File Descriptor (BFD) library
Last modified: 2007-11-30 17:06:54 EST
+++ This bug was initially created as a clone of Bug #159888 +++
Integer overflow in the BFD library for libelf allows attackers to execute
arbitrary code via a crafted object file that specifies a large number of
section headers, leading to a heap-based buffer overflow.
Although libelf is shipped in AS2.1, it is completely different codebase
from elfutils' libelf (RHEL3+). AS2.1 libelf is only shipped as static library
(libelf.a) and to my knowledge nothing in the distro links against it.