CVE-2014-8738
EPSS 7.9%
Description
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
How to fix CVE-2014-8738
To remediate CVE-2014-8738, upgrade each affected package to the fixed version listed below.
- Debian/binutils: upgrade to 2.24.90.20141124-1 or later
- Debian/binutils-mingw-w64: upgrade to 5.2 or later
Is CVE-2014-8738 being exploited?
Moderate: EPSS is 7.9%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/binutils: from 0, < 2.24.90.20141124-1
- Debian/binutils-mingw-w64: from 0, < 5.2