The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
La función pe_print_idata en peXXigen.c en la librería Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, gestiona incorrectamente entradas de vectores HintName, lo que permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap y cierre inesperado de aplicación) mediante un archivo PE manipulado. Esto está relacionado con la función bfd_getl16.
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
