CVE-2016-10255

Name of the Vulnerable Software and Affected Versions elfutils versions prior to 0.168

Description The issue allows remote attackers to cause a denial of service (crash) via a crafted ELF header value, specifically through manipulated sh off or sh size values, which triggers a memory allocation failure. This occurs due to a problem in the libelf set rawdata wrlock function in elf getdata.c.

Recommendations For versions prior to 0.168, update to version 0.168 or later to resolve the issue. As a temporary workaround, consider restricting access to elfutils until the update is applied.