CVE-2014-8501

Publication date 9 December 2014

Last updated 24 July 2024


Ubuntu priority

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

Read the notes from the security team

Status

Package Ubuntu Release Status
binutils 17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid
Not affected
14.10 utopic
Fixed 2.24.90.20141014-0ubuntu3.1
14.04 LTS trusty
Fixed 2.24-5ubuntu3.1
12.04 LTS precise
Fixed 2.22-6ubuntu1.2
10.04 LTS lucid
Fixed 2.20.1-3ubuntu7.2
gdb 17.04 zesty
Not affected
16.10 yakkety
Not affected
16.04 LTS xenial
Not affected
15.10 wily Ignored end of life
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 7.7.1-0ubuntu5~14.04.3
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life

Notes


sbeattie

binutils USN description: Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
binutils

References

Related Ubuntu Security Notices (USN)

    • USN-2496-1
    • GNU binutils vulnerabilities
    • 9 February 2015

Other references