Objdump of GNU Binutils before 2.34 has a heap-buffer-overflow in function bfd_pef_parse_function_stubs (file bfd/pef.c) which could allow attackers to cause a denial of service or unspecified impact. Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=25307
Created mingw-binutils tracking bugs for this issue: Affects: fedora-all [bug 1911438]
Flaw technical summary: This flaw is caused by an improper length check followed by a call to `bfd_pef_parse_function_stub()` in `bfd_pef_parse_function_stubs()` of bfd/pef.c. There's a length check for `if ((codepos + 4) > codelen)`, but the subsequent call to `bfd_pef_parse_function_stub()` passes in length 24, which could read past the end of the `codebuf` buffer.
Upstream commit: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2a3559d54602cecfec6d90f792be4a70ad918ab
Statement: Binutils as shipped with Red Hat Enterprise Linux 8's GCC Toolset 10 and Red Hat Developer Toolset 10 are not affected by this flaw because the versions shipped have already received the patch.