CVE-2014-9939

Published: 21 March 2017

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

Priority

Negligible

CVSS 3 base score: 9.8

Status

Package Release Status
binutils
Launchpad, Ubuntu, Debian
Upstream: Released (2.25.90.20151125-1)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2.26.1-1ubuntu1~16.04.3)
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.
gdb
Launchpad, Ubuntu, Debian
Upstream: Released (7.10-1)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (7.11.1-0ubuntu1~16.04)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [7.7.1-0ubuntu5~14.04.3])
This vulnerability is mitigated in part by the use of -D_FORTIFY_SOURCE=2 in Ubuntu.