CVE-2017-9752

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts. This occurs via a crafted binary file, which is mishandled by the bfd vms get value and bfd vms slurp etir functions during the execution of "objdump -D".

Recommendations For GNU Binutils version 2.28, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the objdump -D command with untrusted binary files until a patch is available. Avoid using the bfd vms get value and bfd vms slurp etir functions with crafted binary files to minimize the risk of exploitation.