Medium severity5.5NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026

CVE-2017-15023

Description

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

Affected products

GNU/Binutils
cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/nvdPatchThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/101611nvd
security.gentoo.org/glsa/201801-01nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000