CVE-2017-12459
7.8
HIGH
CVSS 3.1
EPSS 0.42%
Description
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
How to fix CVE-2017-12459
To remediate CVE-2017-12459, upgrade the affected package to a fixed version below.
- Debian/binutils—upgrade to 2.29-8 or later
Is CVE-2017-12459 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.29-8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |