http://bugzilla.suse.com/show_bug.cgi?id=1012823 Bug ID: 1012823 Summary: VUL-0: CVE-2016-9480: libdwarf: heap buffer overflow in dwarf_util.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: dmueller@suse.com Reporter: abergmann@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- rh#1399990 libdwarf allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component. References: DW201611-006 https://www.prevanders.net/dwarfbug.html Upstream bug (currently private): https://sourceforge.net/p/libdwarf/bugs/5/ Upstream patch: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd... References: https://bugzilla.redhat.com/show_bug.cgi?id=1399990 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9480 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9480.html http://www.cvedetails.com/cve/CVE-2016-9480/ https://www.prevanders.net/dwarfbug.html https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd... https://sourceforge.net/p/libdwarf/bugs/5/ -- You are receiving this mail because: You are on the CC list for the bug.