An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.
Se ha descubierto un problema en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31. Se ha descubierto una desreferencia de dirección de memoria inválida en read_reloc en reloc.c. La vulnerabilidad provoca un error de segmentación y el cierre inesperado de la aplicación, lo que da lugar a una denegación de servicio. Esto queda demostrado por objdump debido a la falta de comprobación de límites de _bfd_clear_contents.
USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that GNU binutils contained a large number of security issues. If a user or automated system were tricked into processing a specially-crafted file, a remote attacker could cause GNU binutils to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
