DEBIAN-CVE-2017-8397

DEBIAN-CVE-2017-8397 PUBLISHED CVSS 7.5 HIGH

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	binutils	0, 0, 0
Debian:13	binutils	0, 0, 0
Debian:12	binutils	0, 0, 0
Debian:14	binutils	0, 0, 0

Timeline

May 1, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-8397 advisory

Open in Interactive Console →