An integer overflow was found in load_specific_debug_section function.
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1664713]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1664715]
Affects: fedora-all [bug 1664714]
When binutils is compiled in 32bit mode, an integer overflow is possible in load_specific_debug_section function() in objdump.c which may lead to an heap-based buffer overflow in bfd_get_full_section_contents().
This issue did not affect the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable code. Moreover the flaw can only be triggered on 32bit versions of the component.