CVE-2016-4487

Published: 24 February 2017

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
binutils
Upstream Released (2.28)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable (2.28-3ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (2.28-3ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (2.28-3ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (2.26.1-1ubuntu1~16.04.8+esm1)
Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=fa3fcee7b8c73070306ec358e730d1dfcac246bf

binutils-h8300-hms
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Needed
Ubuntu 20.04 LTS (Focal Fossa) Needed
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

gcc-arm-none-eabi
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needs-triage)

gcc-h8300-hms
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Needed
Ubuntu 20.04 LTS (Focal Fossa) Needed
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

gccxml
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Does not exist
Ubuntu 20.04 LTS (Focal Fossa) Does not exist
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

gdb
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (7.99.90.20170502-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (7.11.1-0ubuntu1~16.5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [7.7.1-0ubuntu5~14.04.3])

ht
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable (2.1.0+repack1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (2.1.0+repack1-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (2.1.0+repack1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

libiberty
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable (20161220-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (20161220-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (20161220-1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (20160215-1ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [20131116-1ubuntu0.2])

Patches:
Upstream: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be3004dc350a820a5b0320b34bd05673ba534058

nescc
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Needed
Ubuntu 20.04 LTS (Focal Fossa) Needed
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

sdcc
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Needed
Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needed)

valgrind
Upstream Needs triage
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable (1:3.12.0-1.1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (1:3.12.0-1.1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (1:3.12.0-1.1ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (1:3.11.0-1ubuntu4.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [1:3.10.1-1ubuntu3~14.5])