The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read because code that runs for objcopy and strip assumes that SHT_REL/SHT_RELA sections always have names starting with a .rel/.rela prefix. This vulnerability causes programs that analyze binary programs using the libbfd library, such as objcopy and strip, to crash.

Published: 2017-05-01 18:59
Updated: 2019-10-03 00:03

CVSS Score: 5.0 / 10

Vendor: Gnu
Product: Binutils
Version: 2.28
URI: cpe:/a:gnu:binutils:2.28


ID: CWE-125
Name: Out-of-bounds Read
Description: The software reads data past the end, or before the beginning, of the intended buffer.

History of changes

Date Event
2019-10-03 00:03
2017-09-19 07:08
2017-05-01 18:59