elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
elfcomm.c en readelf en GNU Binutils 2.29 permite que atacantes remotos provoquen una denegación de servicio (asignación de memoria excesiva) o, posiblemente, causen otro impacto no especificado mediante un archivo ELF manipulado que desencadene un desbordamiento de búfer en la cabecera del archivo atacado. Esto está relacionado con una variable no inicializada, un salto de condición incorrecto y con las funciones get_archive_member_name, process_archive_index_and_symbols y setup_archive.
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
