A flaw was found in the read_attribute_value function in the dwarf2.c file in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils up to version 2.30, when compiled in 32-bit mode. This allows attackers to cause a denial of service (integer wraparound and application crash) via an ELF file with a corrupt DWARF FORM block.
References: https://sourceware.org/bugzilla/show_bug.cgi?id=22895
Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9
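
The bug class described above, as an added example that is not part of the original report and is not code from binutils: a length-prefixed DWARF block checked with a wrap-prone comparison beside a wrap-safe one. The function names, the use of uint32_t to model 32-bit addresses, the little-endian layout and the sample bytes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* DWARF form codes for fixed-width length-prefixed blocks. */
enum { DW_FORM_block2 = 0x03, DW_FORM_block4 = 0x04, DW_FORM_block1 = 0x0a };

/* Wrap-prone: with 32-bit addresses, ptr + size is reduced mod 2^32. */
static bool fits_wrapping(uint32_t ptr, uint32_t end, uint32_t size)
{
    return (uint32_t)(ptr + size) <= end;
}

/* Wrap-safe: compare the claimed size with the bytes that remain. */
static bool fits_checked(uint32_t ptr, uint32_t end, uint32_t size)
{
    return ptr <= end && size <= end - ptr;
}

struct block { size_t off; size_t size; };

/* Hypothetical reader: rejects truncated prefixes and oversized blocks. */
static bool read_form_block(const uint8_t *buf, size_t len, size_t off,
                            unsigned form, struct block *out)
{
    size_t width = form == DW_FORM_block1 ? 1 : form == DW_FORM_block2 ? 2
                 : form == DW_FORM_block4 ? 4 : 0;
    if (width == 0 || off > len || width > len - off)
        return false;
    uint32_t size = 0;
    for (size_t i = 0; i < width; i++)
        size |= (uint32_t)buf[off + i] << (8 * i);
    off += width;
    if (size > len - off)            /* never form off + size */
        return false;
    *out = (struct block){ off, size };
    return true;
}

/* Constructed sample: block4 claiming 0xfffffff0 bytes, then 4 data bytes. */
static const uint8_t corrupt_block4[] = { 0xf0, 0xff, 0xff, 0xff, 1, 2, 3, 4 };
/* Constructed sample: block1 of length 3 followed by its 3 bytes. */
static const uint8_t valid_block1[] = { 0x03, 0xaa, 0xbb, 0xcc };

int main(void)
{
    struct block b;  /* exit status 0: corrupt block rejected, valid one accepted */
    return read_form_block(corrupt_block4, sizeof corrupt_block4, 0, DW_FORM_block4, &b)
        || !read_form_block(valid_block1, sizeof valid_block1, 0, DW_FORM_block1, &b);
}
```

With ptr 0x1000, end 0x1100 and a claimed size of 0xfffffff0, the wrap-prone check accepts the block because the sum wraps to 0x0ff0, while the subtraction-based check rejects it.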
Created binutils tracking bugs for this issue:
Affects: fedora-all [bug 1551779]
Created mingw-binutils tracking bugs for this issue:
Affects: epel-all [bug 1551780]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3032 https://access.redhat.com/errata/RHSA-2018:3032