CVE-2017-12453
7.8
HIGH
CVSS 3.1
EPSS 0.35%
Description
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out-of-bounds heap read via a crafted VMS Alpha file.
How to fix CVE-2017-12453
To remediate CVE-2017-12453, upgrade the affected package to a fixed version below.
- Debian/binutils: upgrade to 2.29-9 or later
Is CVE-2017-12453 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/binutils: all versions from 0 up to, but not including, 2.29-9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.8) | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |