cpe:/a:gnu:binutils:2.28
CVE-2017-9754
2017-06-19T00:29:00.607-04:00 2017-06-26T12:21:02.160-04:00
6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2017-06-25T20:32:37.247-04:00
BID 99125
CONFIRM https://sourceware.org/bugzilla/show_bug.cgi?id=21591

The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.