The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
Upstream Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22009
CVE Details: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13716
2.29 only just got keyworded, so let's give it some waiting time.
This is a bug in the C++ demangler, which is part of the libiberty sources.
These sources are managed by the GCC project, so please could you refile
this bug report with the GCC bugzilla system? Thanks.
This should be ready to close. Please confirm.
OK to close.
@security: please close