CVE-2014-8484
binutils-mingw-w64 - security update
EPSS 2.0%
Description
The srec_scan function in bfd/srec.c in libbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.
How to fix CVE-2014-8484
To remediate CVE-2014-8484, upgrade the affected package to one of the fixed versions listed below.
- Debian/binutils—upgrade to 2.24.51.20140903-1 or later
- Debian/binutils—upgrade to 2.20.1-16+deb6u1 or later
- Debian/binutils—upgrade to 2.22-8+deb7u2 or later
- Debian/binutils-mingw-w64—upgrade to 5.2 or later
- —upgrade to 2+deb7u1 or later
Is CVE-2014-8484 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- from 0, < 2.24.51.20140903-1
- from 0, < 2.20.1-16+deb6u1
- from 0, < 2.22-8+deb7u2
- from 0, < 5.2
- from 0, < 2+deb7u1