CVE-2017-16832

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1

Description: The issue is related to the pe bfd read buildid function in the peicode.h component of the Binary File Descriptor (BFD) library. It does not validate size and offset values in the data dictionary, allowing remote attackers to cause a denial of service, such as a segmentation violation and application crash, or possibly have other unspecified impacts via a crafted PE file. The vulnerability is also associated with an integer overflow, which can be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted PE file.

Recommendations: For GNU Binutils version 2.29.1, consider disabling the pe bfd read buildid function as a temporary workaround until a patch is available. Restrict access to the peicode.h component to minimize the risk of exploitation. Avoid using the vulnerable function with untrusted PE files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.