GNU Binutils through version 2.30 has a heap-based buffer over-read vulnerability in dwarf.c:process_cu_tu_index(). An attacker could exploit this to crash the readelf application by providing a binary file.
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1573359]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1573358]
Affects: fedora-all [bug 1573357]
For RHEL 7, the heap overflow in the memcpy is detected and mitigated by fortify source. Also, the overflowed area is less than 8 bytes.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032