1296986 – (CVE-2015-8750) CVE-2015-8750 libdwarf: NULL pointer dereference in dwarf_utils.c

Bug 1296986 (CVE-2015-8750) - CVE-2015-8750 libdwarf: NULL pointer dereference in dwarf_utils.c

Summary: CVE-2015-8750 libdwarf: NULL pointer dereference in dwarf_utils.c

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2015-8750
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1294264 1296989
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-08 15:49 UTC by Andrej Nemec
Modified:	2019-09-29 13:41 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 02:47:19 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-01-08 15:49:44 UTC

A null pointer dereference was found in the libdwarf package. This flaw may result in a crash with specially crafted input.

This was originally filed as bug 1294264. 

CVE assignment: 

http://seclists.org/oss-sec/2016/q1/45

Upstream patch: 

11750a2838e52953013e3114ef27b3c7b1780697
in 
git://git.code.sf.net/p/libdwarf/code

Also available on GitHub:

https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697

Comment 1 Andrej Nemec 2016-01-08 15:51:31 UTC

Created libdwarf tracking bugs for this issue:

Affects: epel-6 [bug 1296989]

Comment 2 Tom Hughes 2016-01-08 15:51:37 UTC

BTW my github repo is not the upstream... The upstream is the repo at git://git.code.sf.net/p/libdwarf/code.

Comment 3 Andrej Nemec 2016-01-08 15:57:41 UTC

(In reply to Tom Hughes from comment #2)
> BTW my github repo is not the upstream... The upstream is the repo at
> git://git.code.sf.net/p/libdwarf/code.

Thanks, I updated comment #0.

Note You need to log in before you can comment on or make changes to this bug.