[Bug 1162594] CVE-2014-8502 binutils: heap overflow in objdump when parsing a crafted ELF/PE binary file (incomplete fix for CVE-2014-8485)

Mon, 18 May 2015 04:12:08 -0700 

https://bugzilla.redhat.com/show_bug.cgi?id=1162594

Vasyl Kaigorodov <vkaig...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=low,public=20141028, |impact=low,public=20141028,
                   |reported=20141111,source=os |reported=20141111,source=os
                   |s-security,cvss2=1.2/AV:L/A |s-security,cvss2=2.6/AV:L/A
                   |C:H/Au:N/C:P/I:N/A:N,cwe=CW |C:H/Au:N/C:P/I:N/A:P,cwe=CW
                   |E-122,dts-2.1/devtoolset-2- |E-122,dts-2.1/devtoolset-2-
                   |binutils=affected,dts-3.0/d |binutils=affected,dts-3.0/d
                   |evtoolset-3-binutils=affect |evtoolset-3-binutils=affect
                   |ed,fedora-all/arm-none-eabi |ed,fedora-all/arm-none-eabi
                   |-binutils-cs=affected,fedor |-binutils-cs=affected,fedor
                   |a-all/avr-binutils=affected |a-all/avr-binutils=affected
                   |,fedora-all/binutils=affect |,fedora-all/binutils=affect
                   |ed,fedora-all/cross-binutil |ed,fedora-all/cross-binutil
                   |s=affected,fedora-all/mingw |s=affected,fedora-all/mingw
                   |-binutils=affected,fedora-a |-binutils=affected,fedora-a
                   |ll/msp430-binutils=affected |ll/msp430-binutils=affected
                   |,rhel-5/binutils=wontfix,rh |,rhel-5/binutils=wontfix,rh
                   |el-5/binutils220=wontfix,rh |el-5/binutils220=wontfix,rh
                   |el-6/binutils=affected,rhel |el-6/binutils=affected,rhel
                   |-6/mingw32-binutils=wontfix |-6/mingw32-binutils=wontfix
                   |,rhel-7/binutils=defer,epel |,rhel-7/binutils=defer,epel
                   |-all/avr-binutils=affected, |-all/avr-binutils=affected,
                   |epel-all/cross-binutils=aff |epel-all/cross-binutils=aff
                   |ected,epel-all/mingw-binuti |ected,epel-all/mingw-binuti
                   |ls=affected                 |ls=affected


--- Doc Text *updated* ---
A heap-based buffer overflow flaw was found in the way objdump utility 
processed certain files. If a user were tricked into running objdump on a 
specially crafted file, it could cause objdump to crash or potentially execute 
arbitrary code with
the privileges of the user running an executable. The original fix for 
CVE-2014-8485 was found to be incomplete.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug 
https://bugzilla.redhat.com/token.cgi?t=A1eP1O6tji&a=cc_unsubscribe
_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/mingw

Reply via email to