ALAS2023-2023-093


Amazon Linux 2023 Security Advisory: ALAS-2023-093
Advisory Release Date: 2023-02-17 20:47 Pacific
Advisory Updated Date: 2023-02-22 23:27 Pacific
Severity: Medium

Issue Overview:

A double-free vulnerability was found in libdwarf's dwarf_expand_frame_instructions() function in the dwarf_frame.c file. A carefully crafted object file could cause the 'dwarfdump' utility to perform a double free while handling an error condition. This issue could cause a segmentation violation or other major error, terminating the calling application and resulting in a denial of service. (CVE-2022-39170)


Affected Packages:

libdwarf


Issue Correction:
Run dnf update libdwarf --releasever=2023.0.20230222 to update your system.

New Packages:
aarch64:
    libdwarf-0.5.0-1.amzn2023.0.2.aarch64
    libdwarf-devel-0.5.0-1.amzn2023.0.2.aarch64
    libdwarf-tools-0.5.0-1.amzn2023.0.2.aarch64
    libdwarf-static-0.5.0-1.amzn2023.0.2.aarch64
    libdwarf-debuginfo-0.5.0-1.amzn2023.0.2.aarch64
    libdwarf-debugsource-0.5.0-1.amzn2023.0.2.aarch64
    libdwarf-tools-debuginfo-0.5.0-1.amzn2023.0.2.aarch64

src:
    libdwarf-0.5.0-1.amzn2023.0.2.src

x86_64:
    libdwarf-debuginfo-0.5.0-1.amzn2023.0.2.x86_64
    libdwarf-tools-0.5.0-1.amzn2023.0.2.x86_64
    libdwarf-tools-debuginfo-0.5.0-1.amzn2023.0.2.x86_64
    libdwarf-static-0.5.0-1.amzn2023.0.2.x86_64
    libdwarf-debugsource-0.5.0-1.amzn2023.0.2.x86_64
    libdwarf-devel-0.5.0-1.amzn2023.0.2.x86_64
    libdwarf-0.5.0-1.amzn2023.0.2.x86_64
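
To confirm the update landed, the following added example (not part of the advisory and not Amazon's tooling) flags any installed libdwarf package older than the fixed build listed above. It assumes input lines of the form "name version-release", such as the output of rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n', and uses a simplified RPM version comparison without epoch, '~' or '^' handling; the sample versions other than the fixed one are constructed.

```python
import re
import sys

# Fixed version-release, copied from the advisory's "New Packages" list.
FIXED_EVR = "0.5.0-1.amzn2023.0.2"

def rpm_vercmp(a, b):
    """Simplified RPM version compare (-1, 0, 1); '~' and '^' are not handled."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def unpatched(rpm_lines):
    """Return (name, evr) for libdwarf packages older than FIXED_EVR."""
    hits = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that are not "name version-release"
        name, evr = parts
        is_libdwarf = name == "libdwarf" or name.startswith("libdwarf-")
        if is_libdwarf and evr_cmp(evr, FIXED_EVR) < 0:
            hits.append((name, evr))
    return hits

# Constructed sample input; versions other than FIXED_EVR are made up.
SAMPLE = [
    "libdwarf 0.5.0-1.amzn2023.0.2",
    "libdwarf-tools 0.5.0-1.amzn2023.0.1",
    "libdwarf-devel 0.4.2-1.amzn2023",
    "zlib 1.2.11-33.amzn2023.0.4",
]

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    for name, evr in unpatched(lines):
        print(f"UNPATCHED {name} {evr} (fixed in {FIXED_EVR})")
```

Run with the rpm query output piped to standard input on the host being checked; with no piped input it evaluates the constructed sample.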