It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | binutils | 2015-12-14 10:00 | ALAS-2015-620 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 2.6 | AV:L/AC:H/Au:N/C:P/I:N/A:P |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |