Ned Ludd

Researcher from Gentoo Linux Security Audit Team
#50625 of 53,633
4.6 Total CVSS
Vulnerabilities · 1
PT-2005-1059
4.6
2005-05-24
Gnu · Gdb · CVE-2005-1704
**Name of the Vulnerable Software and Affected Versions**

- elfutils versions prior to 0.108
- binutils version 2.11.90.0.8
- gdb version 5.3.90

**Description**

The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited locally. The problem is caused by an integer overflow in the Binary File Descriptor (BFD) library, which allows user-assisted attackers to execute arbitrary code via a crafted object file. The integer overflow can lead to a heap-based buffer overflow.

**Recommendations**

- For elfutils versions prior to 0.108, update to version 0.108 or later.
- For binutils version 2.11.90.0.8, update to a version that fixes the integer overflow issue in the BFD library.
- For gdb version 5.3.90, update to version 6.3 or later to fix the integer overflow issue in the BFD library.

As a temporary workaround, consider restricting the use of the BFD library until a patch is available.