The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | binutils | <Â 2.28-5 | binutils_2.28-5_all.deb |
Debian | 11 | all | binutils | <Â 2.28-5 | binutils_2.28-5_all.deb |
Debian | 10 | all | binutils | <Â 2.28-5 | binutils_2.28-5_all.deb |
Debian | 999 | all | binutils | <Â 2.28-5 | binutils_2.28-5_all.deb |
Debian | 13 | all | binutils | <Â 2.28-5 | binutils_2.28-5_all.deb |