DEBIAN-CVE-2017-13757

DEBIAN-CVE-2017-13757 PUBLISHED CVSS 5.5 MEDIUM

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	binutils	0, 0, 0
Debian:13	binutils	0, 0, 0
Debian:12	binutils	0, 0, 0
Debian:11	binutils	0, 0, 0

Timeline

Aug 29, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-13757 advisory

Open in Interactive Console →