{"id":"CVE-2016-9558","details":"(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a \"negation overflow.\"","modified":"2026-04-01T23:56:50.177691Z","published":"2017-02-28T18:59:00.313Z","references":[{"type":"ADVISORY","url":"https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5"},{"type":"ADVISORY","url":"https://www.prevanders.net/dwarfbug.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94491"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/11/19/6"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/11/23/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/davea42/libdwarf-code","events":[{"introduced":"0"},{"fixed":"fd1d490f0815994a870744d99660ed72585f3741"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"20161124"}]}}],"versions":["20110113","20110605","20110607","20110612","20110908","20111009","20111030","20111214","20120410","20121127","20121130","20130125","20130126","20130207","20130729","20130729-b","20140131","20140208","20140413","20140519","20140805","20150112","20150115","20150310","20150507","20150913","20150915","20151114","20160116","20160507","20160613","20160923","20160929","20161001","20161021"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"1999-12-14"},{"fixed":"2016-11-24"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9558.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}