The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.

Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=21670

Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04e15b4a9462cb1ae819e878a6009829aab8020b

Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1469753]

Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1469754]