Gnu · Gnu Binutils · CVE-2022-38533
**Name of the Vulnerable Software and Affected Versions**
GNU Binutils versions prior to 2.40
**Description**
The issue is a heap-buffer-overflow in `bfd_getl32` (libbfd's little-endian 32-bit read helper) when it is reached from `strip_main` in `strip-new`, the `strip` binary as built in the binutils tree, while processing a crafted input file. Because `bfd_getl32` only reads from the buffer it is handed, the overflow is an out-of-bounds read; the practical impact is a crash of `strip`, i.e. a denial of service, on attacker-supplied object files. The number of potentially affected installations worldwide is not specified, and there is no information about real-world incidents where this issue was exploited.
**Recommendations**
For GNU Binutils versions prior to 2.40, update to version 2.40 or later to resolve the issue. Until the update is in place, do not run `strip` (or other libbfd-based tools) on object files from untrusted sources, and where that cannot be avoided run it under an unprivileged account or in a sandbox so that a crash stays a local denial of service. Note that `strip-new` is simply the name of the `strip` binary in the binutils build tree; distribution packages install it as `strip`, so any pipeline that strips user-supplied binaries is in scope.
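As an added example (not part of the advisory or of the binutils project), the following POSIX shell wrapper applies the recommendation above in a build pipeline: it reads the installed version from `strip --version`, fails closed if the version cannot be parsed, and refuses to strip input unless the version is 2.40 or later. It assumes the upstream banner format, in which the first line of `strip --version` ends with the version number (for example `GNU strip (GNU Binutils for Debian) 2.40`); the `STRIP` environment variable is a hypothetical override for the binary to check.

```shell
#!/bin/sh
# Added example: gate `strip` on the installed Binutils version before it
# touches untrusted object files (CVE-2022-38533 is fixed in 2.40).

# binutils_fixed VERSION
#   Returns 0 when VERSION (e.g. "2.40", "2.41.0.20230908") is >= 2.40,
#   1 otherwise. Non-numeric or empty input is treated as unfixed so that
#   a parsing failure cannot silently allow a vulnerable tool through.
binutils_fixed() {
    ver=$1
    major=${ver%%.*}        # text before the first dot
    rest=${ver#*.}          # text after the first dot (unchanged if no dot)
    minor=${rest%%.*}       # second component
    case "$major$minor" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit: fail closed
    esac
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 40 ] && return 0
    return 1
}

# strip_version
#   Prints the version number from the first line of `strip --version`,
#   or nothing if the tool is missing or the banner does not match.
strip_version() {
    "${STRIP:-strip}" --version 2>/dev/null \
        | sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p'
}

# safe_strip ARGS...
#   Runs strip with ARGS only if the installed version is patched;
#   otherwise reports the version and returns 2 without touching the input.
safe_strip() {
    v=$(strip_version)
    if binutils_fixed "$v"; then
        "${STRIP:-strip}" "$@"
    else
        echo "strip version '${v:-unknown}' is before 2.40 (CVE-2022-38533); refusing to process input" >&2
        return 2
    fi
}
```

Drop the functions into the shell profile of the build user (or a CI helper script) and call `safe_strip --strip-unneeded "$obj"` where the pipeline currently calls `strip`; the version check is cheap enough to run on every invocation, and a mismatch surfaces as a non-zero exit that the pipeline already knows how to handle.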