An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section in the merge_strings function in merge.c when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1647417]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1647416]
This bug can only be triggered by using specially crafted, corrupt input files.
As such it will not normally be encountered by users, and fixing it is a low
priority. The upstream GNU Binutils sources have already been fixed, and this
fix will be brought in with the next rebase to rawhide. Postponing an update
to this BZ until then.
Ahh - please ignore comment #3, it was meant for BZ 1647417
Low impact, easy to reproduce.