CVE-2017-12450

NameCVE-2017-12450
DescriptionThe alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
binutils (PTS)jessie, jessie (lts)2.25-5+deb8u2vulnerable
stretch (lts), stretch2.28-5+deb9u1vulnerable
buster, buster (lts)2.31.1-16+deb10u1fixed
bullseye2.35.2-2fixed
bookworm2.40-2fixed
sid, trixie2.43.1-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
binutilssource(unstable)2.29-9

Notes

[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
[wheezy] - binutils <no-dsa> (Minor issue)
https://sourceware.org/bugzilla/show_bug.cgi?id=21813
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a2df5e2df374289e00ecd8f099eb46d76ef982e

Search for package or bug name: Reporting problems