CVE-2019-7664

Published: 9 February 2019

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted ELF input causes a segmentation fault, leading to denial of service (program crash).

Priority

Low

CVSS 3 base score: 5.5

Status

Package: elfutils (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (0.170-0.4)
cosmic     Not vulnerable (0.170-0.5.0ubuntu1)
disco      Not vulnerable (0.176-1)
eoan       Not vulnerable (0.176-1.1)
focal      Not vulnerable (0.176-1.1)
groovy     Not vulnerable (0.176-1.1)
hirsute    Not vulnerable (0.176-1.1)
impish     Not vulnerable (0.176-1.1)
jammy      Not vulnerable (0.176-1.1)
precise    Ignored (end of ESM support, was needs-triage)
trusty     Needs triage
upstream   Released (0.176-1)
xenial     Not vulnerable (0.165-3ubuntu1.1)

Patches:
upstream: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32