DEBIAN-CVE-2017-8396

DEBIAN-CVE-2017-8396 PUBLISHED CVSS 7.5 HIGH

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	binutils	0, 0, 0
Debian:13	binutils	0, 0, 0
Debian:11	binutils	0, 0, 0
Debian:14	binutils	0, 0, 0

Timeline

May 1, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-8396 advisory

Open in Interactive Console →