A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
Gentoo Security Padawan
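As an added example (not part of the original bug report and not Binutils code), a pre-link triage check for the input shape described above: an ELF header that declares ET_DYN but has no program headers. The function names and the constructed sample headers are assumptions for illustration; the check flags the input shape and is not the upstream fix.

```python
import struct

ET_DYN = 3  # e_type value for shared objects and PIE executables


def classify_elf(data: bytes) -> str:
    """Return 'not-elf', 'malformed', 'suspicious' or 'ok' for an ELF header."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return "not-elf"
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "malformed"
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum
    fmt = endian + ("HHIIIIIHHH" if ei_class == 1 else "HHIQQQIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "malformed"
    fields = struct.unpack_from(fmt, data, 16)
    e_type, e_phnum = fields[0], fields[9]
    # The condition from the report: ET_DYN with no program headers.
    if e_type == ET_DYN and e_phnum == 0:
        return "suspicious"
    return "ok"


def make_header(e_type: int, e_phnum: int, ei_class: int = 2, ei_data: int = 1) -> bytes:
    """Build a constructed, minimal ELF header for testing (not a real file)."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    endian = "<" if ei_data == 1 else ">"
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    ehsize = 52 if ei_class == 1 else 64
    phoff = ehsize if e_phnum else 0
    return ident + struct.pack(fmt, e_type, 62, 1, 0, phoff, 0, 0,
                               ehsize, 56, e_phnum, 64, 0, 0)


if __name__ == "__main__":
    import sys
    # Usage: python check_elf.py file1.so file2.so ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read(64)))
```

Relocatable objects (ET_REL) legitimately have no program headers, so only ET_DYN inputs are flagged.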
will be in 2.31.1 patchlevel 6
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
All affected versions are gone or masked. @security please proceed.
This issue was resolved and addressed in GLSA 201908-01 at https://security.gentoo.org/glsa/201908-01 by GLSA coordinator Aaron Bauman (b-man).