CVE-2019-7149

Published: 28 January 2019

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
elfutils
Launchpad, Ubuntu, Debian
Upstream
Released (0.176-1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(0.176-1.1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.176-1.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.170-0.4ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.165-3ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Patches:
Upstream: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35