Unrated severityNVD Advisory· Published Sep 5, 2012· Updated Apr 29, 2026

CVE-2012-3509

Description

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Affected products

GNU/Binutils
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
Range: >=2.22,<2.24
GNU/Libiberty
cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:*
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.htmlnvdPatchVendor Advisory
security-tracker.debian.org/tracker/CVE-2012-3509nvdIssue TrackingThird Party Advisory
www.openwall.com/lists/oss-security/2012/08/29/3nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/55281nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2496-1nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/78135nvdThird Party Advisory
gcc.gnu.org/bugzilla/show_bug.cginvdIssue Tracking
www.mandriva.com/security/advisoriesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000