New subject: [Bug 1012823] VUL-0: CVE-2016-9480: libdwarf: heap buffer overflow in dwarf_util.c

30 Nov 2016

      http://bugzilla.suse.com/show_bug.cgi?id=1012823

            Bug ID: 1012823
           Summary: VUL-0: CVE-2016-9480: libdwarf: heap buffer overflow
                    in dwarf_util.c
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.2
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: dmueller@suse.com
          Reporter: abergmann@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: Security Response Team
           Blocker: ---

rh#1399990

libdwarf allows context-dependent attackers to obtain sensitive information or
cause a denial of service by using the "malformed dwarf file" approach, related
to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component.

References:
DW201611-006
https://www.prevanders.net/dwarfbug.html

Upstream bug (currently private):
https://sourceforge.net/p/libdwarf/bugs/5/

Upstream patch:
https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd...

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1399990
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9480
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9480.html
http://www.cvedetails.com/cve/CVE-2016-9480/
https://www.prevanders.net/dwarfbug.html
https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd...
https://sourceforge.net/p/libdwarf/bugs/5/

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1012823] New: VUL-0: CVE-2016-9480: libdwarf: heap buffer overflow in dwarf_util.c

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)