CVE-2016-5044 log

Source
Severity High
Remote No
Type Arbitrary code execution
Description
A vulnerability was found in libdwarf in dwarf_elf_access.c:1071. A crafted ELF file may lead to a large offset value, which bigger than the size of target_section heap chunk, then this WRITE_UNALIGNED() function will write the value of &outval out of the heap chunk. The offset is a 64bit unsigned int value, so this is more than a heap overflow bug, but also a out-of-bound write bug.
Group Package Affected Fixed Severity Status Ticket
AVG-89 libdwarf 20161021-1 20161124-1 High Fixed
Date Advisory Group Package Severity Description
03 Dec 2016 ASA-201612-4 AVG-89 libdwarf High multiple issues
References
https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f
http://seclists.org/oss-sec/2016/q2/393