CVE-2017-7609

Published: 09 April 2017

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: elfutils (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needed
Ubuntu 18.04 LTS (Bionic Beaver): Released (0.170-0.4)
Ubuntu 16.04 ESM (Xenial Xerus): Released (0.165-3ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (0.158-0ubuntu5.2)

Patches:
Upstream: https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=8dcc4bf791469a32c3a09ebcc23b309bf75c795f