Launchpad.net

CVE 2012-3509

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2012-3509 (Candidate) is related to these bugs:

Bug #251288: Crash should depend on binutils

		In	Importance	Status
251288	Crash should depend on binutils	crash (Ubuntu)	Medium	Fix Released
251288	Crash should depend on binutils	crash (Debian)	Unknown	Fix Released
251288	Crash should depend on binutils	crash (Ubuntu Precise)	Medium	Fix Released
251288	Crash should depend on binutils	crash (Ubuntu Quantal)	Medium	Fix Released
251288	Crash should depend on binutils	crash (Ubuntu Raring)	Medium	Fix Released

Bug #1064475: crash version is outdated. Needs to import Debian version of the package

		In	Importance	Status
1064475	crash version is outdated. Needs to import Debian version of the package	crash (Ubuntu)	Medium	Fix Released
1064475	crash version is outdated. Needs to import Debian version of the package	crash (Ubuntu Precise)	Medium	Fix Released
1064475	crash version is outdated. Needs to import Debian version of the package	crash (Ubuntu Quantal)	Medium	Fix Released
1064475	crash version is outdated. Needs to import Debian version of the package	crash (Ubuntu Raring)	Undecided	Fix Released

Bug #1351227: libwebp ftbfs on arm64

		In	Importance	Status
1351227	libwebp ftbfs on arm64	libwebp (Ubuntu)	High	Fix Released
1351227	libwebp ftbfs on arm64	gcc-4.9 (Ubuntu)	High	Fix Released
1351227	libwebp ftbfs on arm64	gcc	Wishlist	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3509

Related bugs and status

Related bugs

References