CVE-2017-14938

Name of the Vulnerable Software and Affected Versions: GNU Binutils versions 2.29 and earlier

Description: The issue allows remote attackers to cause a denial of service, resulting in excessive memory allocation and an application crash, via a crafted ELF file. This is due to the bfd elf slurp version tables function in the elf.c component of the Binary File Descriptor (BFD) library, which permits unlimited memory allocation.

Recommendations: For GNU Binutils versions 2.29 and earlier, consider updating to a version later than 2.29 to resolve the issue. As a temporary workaround, consider restricting the use of the bfd elf slurp version tables function in the elf.c component until a patch is available. Avoid processing crafted ELF files with the affected GNU Binutils versions to minimize the risk of exploitation.