CVE-2017-12450
7.8
HIGH
CVSS 3.1
EPSS 0.42%
Description
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
How to fix CVE-2017-12450
To remediate CVE-2017-12450, upgrade the affected package to a fixed version below.
- Debian/binutils—upgrade to 2.29-9 or later
Is CVE-2017-12450 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.29-9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |