A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
Created elfutils tracking bugs for this issue:
Affects: fedora-all [bug 1671444]
Flagging openshift-online-3 as NOTAFFECTED since binaries ship as part of RHEL.