Remote Code Execution via Crafted ELF Section Group Headers

Remote Code Execution via Crafted ELF Section Group Headers

CVE-2014-8485 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

Learn more about our Web Application Penetration Testing UK.