A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file. External References: https://sourceware.org/bugzilla/show_bug.cgi?id=25840 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca3f923f82a079dcf441419f4a50a50f8b4b33c2
Created binutils tracking bugs for this issue: Affects: fedora-32 [bug 1906757] Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1906758]
Statement: The version of binutils shipped in Red Hat Developer Toolset 10 and Red Hat Enterprise Linux 8's GCC Toolset 10 is not affected by this flaw because it has already been patched.