CVE-2016-9480 Information

Description

libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Reference

http://www.securityfocus.com/bid/94980
https://sourceforge.net/p/libdwarf/bugs/5/
https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
https://www.prevanders.net/dwarfbug.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

9.1
