The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1645961]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1645963]
Trivial to reproduce, binutils220 does not package c++filt.