
CVE-2014-8501

Published: 09 December 2014

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Priority

Medium

Status

Package    Release                             Status
---------  ----------------------------------  --------------------------------------------
binutils   (Launchpad, Ubuntu, Debian)
           Upstream                            Needs triage
           Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (2.24.90.20141111-2ubuntu1)
           Ubuntu 14.04 ESM (Trusty Tahr)      Released (2.24-5ubuntu3.1)
           Patches:
             Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e

gdb        (Launchpad, Ubuntu, Debian)
           Upstream                            Needs triage
           Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (7.11.1-0ubuntu1~16.04)
           Ubuntu 14.04 ESM (Trusty Tahr)      Does not exist (trusty was released [7.7.1-0ubuntu5~14.04.3])

Notes

Author: sbeattie
Note: binutils USN description:
Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function
in libbfd in GNU binutils allowed out-of-bounds writes. An
attacker could use this to craft input that could cause a denial
of service (application crash) or possibly execute arbitrary code.

References

Bugs