CVE-2014-0172

Name of the Vulnerable Software and Affected Versions elfutils versions 0.153 through 0.158

Description The issue is related to an integer overflow in the check section function within the libdw library, used by elfutils. This overflow can be triggered by a malformed compressed debug section in an ELF file, leading to a heap-based buffer overflow. As a result, remote attackers may cause a denial of service, such as an application crash, or potentially execute arbitrary code.

Recommendations For elfutils versions 0.153 through 0.158, consider updating to a version where this issue is fixed, as using a malformed compressed debug section in an ELF file could lead to a denial of service or code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.