{"id":"CVE-2017-14729","details":"The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.","modified":"2026-07-08T12:05:25.486360Z","published":"2017-09-25T16:29:00.380Z","related":["SUSE-SU-2017:3170-1","openSUSE-SU-2024:10651-1"],"references":[{"type":"WEB","url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=56933f9e3e90eebf1018ed7417d6c1184b91db6b"},{"type":"WEB","url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360"},{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/"},{"type":"FIX","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22170"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://sourceware.org/git/binutils-gdb.git","events":[{"introduced":"dd9a28c0966d13924fbd1096a724ae334954d830"},{"last_affected":"dd9a28c0966d13924fbd1096a724ae334954d830"}],"database_specific":{"cpe":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","source":"CPE_STRING","extracted_events":[{"introduced":"2.29"},{"last_affected":"2.29"}]}}],"versions":["2.29","binutils-2_29"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14729.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}