https://bugzilla.redhat.com/show_bug.cgi?id=1162594
Bug ID: 1162594
Summary: CVE-2014-8502 binutils: heap overflow in objdump
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: vkaigoro@redhat.com
CC: bgollahe@redhat.com, dan@danny.cz, dhowells@redhat.com, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, jakub@redhat.com, kalevlember@gmail.com, kanderso@redhat.com, ktietz@redhat.com, law@redhat.com, lkocman@redhat.com, lkundrak@v3.sk, mfranc@redhat.com, mhlavink@redhat.com, nickc@redhat.com, ohudlick@redhat.com, pfrankli@redhat.com, rjones@redhat.com, rob@robspanton.com, seceng-idm-qe-list@redhat.com, swhiteho@redhat.com, thibault.north@gmail.com, tmlcoch@redhat.com, trond.danielsen@gmail.com

A heap overflow was reported [1] when running objdump on a specially crafted PE executable [2]. Upstream patches that address this are at [3] and [4].

[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
[2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862
[3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30cae...
[4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec47d7...