Package: binutils-h8300-hms
Version: 2.16.1-8
Severity: grave
Tags: security
Justification: user security hole

h8300-hitachi-coff-size has a buffer overflow vulnerability. A PoC file is attached.

$ gdb --args /usr/bin/h8300-hitachi-coff-size foo
Program received signal SIGSEGV, Segmentation fault.
0x08056c12 in ?? ()
(gdb)

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-3-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages binutils-h8300-hms depends on:
ii  binutils  2.22-8
ii  libc6     2.13-38

binutils-h8300-hms recommends no packages.

Versions of packages binutils-h8300-hms suggests:
pn  binutils-doc  <none>

-- no debconf information
foo
Description: Binary data