Use-After-Free Vulnerability in libiberty Affects GCC
CVE-2016-4487

5.5MEDIUM

Key Information:

Vendor

Gnu
Status
Libiberty
Vendor
CVE Published:
24 February 2017

What is CVE-2016-4487?

The libiberty component of the GNU Compiler Collection contains a use-after-free vulnerability that can be exploited by remote attackers. By crafting a specific binary, an attacker can trigger a denial of service condition, leading to segmentation faults and potential crashes of the application. This security flaw is particularly relevant for scenarios involving the analysis of untrusted binaries, where malicious inputs can lead to system instability.

References

http://www.securityfocus.com/bid/90025
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2016/05/05/5
mailing-listx_refsource_MLIST
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.