The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
La función evax_bfd_print_emh en vms-alpha.c en la librería Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, permite que atacantes remotos provoquen una lectura de memoria dinámica fuera de límites mediante un archivo vms alpha manipulado.
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
