CVE-2017-14974

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the get synthetic symtab functions in the Binary File Descriptor (BFD) library, which mishandle the failure of a certain canonicalization step. This allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted ELF file. The components elf32-i386.c and elf64-x86-64.c are specifically affected.

Recommendations: For GNU Binutils version 2.29, consider avoiding the use of the get synthetic symtab functions until a patch is available. As a temporary workaround, restrict the processing of crafted ELF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.