CVE-2017-14130

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the bfd elf parse attributes function in the elf-attrs.c component of the Binary File Descriptor (BFD) library, which allows remote attackers to cause a denial of service via a crafted ELF file. This is due to a heap-based buffer over-read, leading to an application crash. The vulnerability can be exploited by a remote attacker using a specially crafted ELF file, resulting in a denial of service.

Recommendations: For GNU Binutils version 2.29, consider avoiding the use of the bfd elf parse attributes function until a patch is available. As a temporary workaround, restrict the processing of ELF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.