http://bugzilla.opensuse.org/show_bug.cgi?id=1039693 Bug ID: 1039693 Summary: VUL-1: CVE-2017-9055: libdwarf: heap-based buffer over-read (dwarf_formsdata() func) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-9055 =================================================== Description An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. =================================================== Hperlink [1] https://security-tracker.debian.org/tracker/CVE-2017-9055 [2] https://www.prevanders.net/dwarfbug.html#DW201703-001 (open-)SUSE: https://software.opensuse.org/package/libdwarf 20161124 (TW, official repo) 20150115 (42.{2,3}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.