The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21578 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f461bbd847f15657f3dd2f317c30c75a7520da1f
Created binutils tracking bugs for this issue: Affects: fedora-all [bug 1469593] Created mingw-binutils tracking bugs for this issue: Affects: epel-all [bug 1469592]