A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
Created elfutils tracking bugs for this issue:
Affects: fedora-all [bug 1671444]
Flagging openshift-online-3 as NOTAFFECTED since binaries ship as part of RHEL.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:2197
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):