A flaw was found in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils up to version 2.30, when compiled in 32-bit mode. This vulnerability allows attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupted dwarf1 debug information.

References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22894

Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
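The class of bug described above, as an added example that is not binutils code and not part of the original report: a parser that advances a 32-bit cursor by a length field read from the file, beside a form that compares the length with the bytes remaining before advancing. The 4-byte little-endian length prefix, the function names and the sample buffer are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a valid block (length 4) at offset 0, then a block at
   offset 8 whose length field is 0xFFFFFFF8. */
static const uint8_t sample[16] = {
    0x04, 0x00, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD,
    0xF8, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00
};

/* 4-byte little-endian length prefix (layout assumed for this example). */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed form: add first, compare afterwards. uint32_t models a 32-bit
   build, so pos + 4 + len wraps modulo 2^32 and the end test passes.
   Returns 1 and sets *next if the block is accepted, 0 otherwise. */
int skip_block_unchecked(const uint8_t *buf, uint32_t size, uint32_t pos, uint32_t *next)
{
    if (size < 4 || pos > size - 4) return 0;
    uint32_t end = pos + 4 + read_le32(buf + pos);
    if (end > size) return 0;
    *next = end;
    return 1;
}

/* Hardened form: compare the length with the bytes remaining, then advance. */
int skip_block_checked(const uint8_t *buf, uint32_t size, uint32_t pos, uint32_t *next)
{
    if (size < 4 || pos > size - 4) return 0;
    uint32_t len = read_le32(buf + pos);
    if (len > size - pos - 4) return 0;   /* cannot underflow after the check above */
    *next = pos + 4 + len;
    return 1;
}

int main(void)
{
    uint32_t next = 0;
    int ok = skip_block_unchecked(sample, sizeof sample, 8, &next);
    printf("unchecked: accepted=%d next=%u\n", ok, (unsigned)next);
    ok = skip_block_checked(sample, sizeof sample, 8, &next);
    printf("checked:   accepted=%d\n", ok);
    return 0;
}
```

For the block at offset 8, the unchecked form accepts the length and leaves the cursor at offset 4, behind where it started; the checked form rejects it.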
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1551772]

Created mingw-binutils tracking bugs for this issue:

Affects: epel-all [bug 1551774]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032