An out of bounds heap read vulnerability was found in _dwarf_get_size_of_val triggered by invoking dwarfdump command on crafted file. Upstream patches: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13 https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2 CVE assignment: http://seclists.org/oss-sec/2016/q4/144
Created libdwarf tracking bugs for this issue: Affects: fedora-all [bug 1385692] Affects: epel-6 [bug 1385693]