CVE-2017-12449 (NVD)

2017-08-04

The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.

Products Binutils
Type Out-of-bounds Read (CWE-125)
First patch - None (likely due to unavailable code)
Links https://sourceware.org/bugzilla/show_bug.cgi?id=21840