CVE-2018-1000876
Description
Integer overflow in binutils objdump can lead to heap overflow and arbitrary code execution via crafted files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in binutils objdump can lead to heap overflow and arbitrary code execution via crafted files.
Vulnerability
An integer overflow vulnerability exists in GNU binutils versions 2.32 and earlier, specifically in the bfd_get_dynamic_reloc_upper_bound and bfd_canonicalize_dynamic_reloc functions used by objdump. When processing a maliciously crafted binary file, an integer overflow can occur, leading to an undersized heap allocation and subsequent heap overflow. This affects binutils as shipped in Red Hat Enterprise Linux and Ubuntu systems prior to the fixes [1][2].
Exploitation
Exploitation requires an attacker to supply a specially crafted binary file that triggers the integer overflow when objdump processes its dynamic relocation entries. The attacker must have local access to the system and convince a user or automated process to run objdump on the malicious file. No authentication is needed beyond local user access, but user interaction is required to execute the tool on the crafted input.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the user running objdump. This can lead to a full compromise of the user's session, including data theft, privilege escalation (if the user has elevated rights), or further system compromise. The impact is limited to the privileges of the user who runs the tool.
Mitigation
The vulnerability is fixed in binutils after commit 3a551c7a1b80fca579461774860574eabfd7f18f. Red Hat released RHSA-2019:2075 [1] to address this issue. Ubuntu released USN-4336-1 [2] which updated binutils to version 2.30-21ubuntu1~18.04.3 for Ubuntu 18.04 LTS. Users should update their binutils package to the latest patched version. No workaround is available; updating is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
56- osv-coords54 versionspkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/binutils&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/binutils&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/binutils&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/binutils&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/cross-ppc-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/cross-spu-binutils&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 2.32-lp150.10.1+ 53 more
- (no CPE)range: < 2.32-lp150.10.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.37-1.3
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-lp151.3.3.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-6.8.1
- (no CPE)range: < 2.32-7.5.1
- (no CPE)range: < 2.32-6.8.1
- (no CPE)range: < 2.32-7.5.1
- (no CPE)range: < 2.32-6.8.1
- (no CPE)range: < 2.32-7.5.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
- (no CPE)range: < 2.32-9.33.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
6- lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.htmlmitrevendor-advisoryx_refsource_SUSE
- access.redhat.com/errata/RHSA-2019:2075mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/4336-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.securityfocus.com/bid/106304mitrevdb-entryx_refsource_BID
- sourceware.org/bugzilla/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.