{"id":"MGASA-2019-0222","summary":"Updated elfutils packages fix security vulnerabilities","details":"It was discovered that elfutils incorrectly handled certain malformed\nfiles. If a user or automated system were tricked into processing a\nspecially crafted file, elfutils could be made to crash or consume\nresources, resulting in a denial of service (CVE-2017-7607, CVE-2017-7608,\nCVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613,\nCVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310,\nCVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150,\nCVE-2019-7665).\n\nIn elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note\nin libelf/note_xlate.h because of an incorrect overflow check. Crafted elf\ninput causes a segmentation fault, leading to denial of service (program\ncrash) (CVE-2019-7664).\n","modified":"2026-04-16T04:43:55.834749981Z","published":"2019-08-18T12:39:41Z","upstream":["CVE-2017-7607","CVE-2017-7608","CVE-2017-7609","CVE-2017-7610","CVE-2017-7611","CVE-2017-7612","CVE-2017-7613","CVE-2018-16062","CVE-2018-16402","CVE-2018-16403","CVE-2018-18310","CVE-2018-18520","CVE-2018-18521","CVE-2019-7149","CVE-2019-7150","CVE-2019-7664","CVE-2019-7665"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0222.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23160"},{"type":"WEB","url":"https://usn.ubuntu.com/3670-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4012-1/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z6QQTO2CLXUBNNOX4DEZ5XXWJYV3SYVN/"}],"affected":[{"package":{"name":"elfutils","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/elfutils?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.176-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0222.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}