DEBIAN-CVE-2017-7226

DEBIAN-CVE-2017-7226 PUBLISHED CVSS 9.100000381469727 CRITICAL

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

Risk Scores

CVSS v3.0

9.100000381469727

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	binutils	0, 0, 0
Debian:11	binutils	0, 0, 0
Debian:14	binutils	0, 0, 0
Debian:12	binutils	0, 0, 0

Timeline

Mar 22, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-7226 advisory

Open in Interactive Console →