The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-dev" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-doc" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-multiarch" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-multiarch-dev" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-source" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-static" }, { "binary_version": "2.24-5ubuntu3.1", "binary_name": "binutils-static-udeb" } ] }