CVE-2016-7410

NameCVE-2016-7410
DescriptionThe _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs838019

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dwarfutils (PTS)jessie20120410-2+deb8u1fixed
stretch20161124-1+deb9u1fixed
buster20180809-1fixed
bullseye20201201-1fixed
sid, trixie, bookworm20210528-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dwarfutilssourcewheezy(not affected)
dwarfutilssourcejessie(not affected)
dwarfutilssource(unstable)20160923-1838019

Notes

[jessie] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
[wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
https://www.prevanders.net/dwarfbug.html#DW201609-003
http://seclists.org/oss-sec/2016/q3/490
Initial addressed upstream in refactoring in:
https://sourceforge.net/p/libdwarf/code/ci/e12f6c0b69c20f58dccc4505309cf7f974c34dc2
with final fix/follow up: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
Search for package or bug name: Reporting problems