961142 – (CVE-2015-8750) VUL-1: CVE-2015-8750: libdwarf: NULL dereference in libdwarf

Bug 961142 (CVE-2015-8750) - VUL-1: CVE-2015-8750: libdwarf: NULL dereference in libdwarf

Summary: VUL-1: CVE-2015-8750: libdwarf: NULL dereference in libdwarf

Status:	RESOLVED FIXED

Alias:	CVE-2015-8750

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assignee:	Michael Matz
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/160425/
Whiteboard:	CVSSv2:SUSE:CVE-2015-8750:2.1:(AV:L/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-01-08 11:59 UTC by Johannes Segitz
Modified:	2024-05-20 11:40 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer file (2.92 KB, application/zip) 2016-01-08 11:59 UTC, Johannes Segitz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-01-08 11:59:28 UTC

Created attachment 661212 [details]
Reproducer file

CVE-2015-8750, rh#1294264

Attached file causes NULL deref in libdwarf. Fixed in 11750a2838e52953013e3114ef27b3c7b1780697. We have this maintained in SLE 11 SP3/4 SDK and openSUSE.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8750
http://seclists.org/oss-sec/2016/q1/45
https://bugzilla.redhat.com/show_bug.cgi?id=1294264

Comment 1 Swamp Workflow Management 2016-01-08 23:00:24 UTC

bugbot adjusting priority