DEBIAN-CVE-2017-16832

DEBIAN-CVE-2017-16832 PUBLISHED CVSS 7.800000190734863 HIGH

The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.

Risk Scores

CVSS v3.0

7.800000190734863

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	binutils	0, 0, 0
Debian:14	binutils	0, 0, 0
Debian:12	binutils	0, 0, 0
Debian:13	binutils	0, 0, 0

Timeline

Nov 15, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-16832 advisory

Open in Interactive Console →