Key Information about the Vulnerability Vulnerability Type: Heap-based buffer overflow in elfutils. exploread Format: GLSA 201612-32. Affected Package: dev-libs/elfutils on all architectures. Affected Versions: = 0.159. Release Date: December 13, 2016. Latest Revision: December 13, 2016: 2. Severity: normal. Exploitable: remote. Bugzilla Entry: 507246. CVE Identifier: CVE-2014-0172. Background Elfutils provides a library and utilities to access, modify and analyze ELF objects. Description An integer overflow in the function of , in the library, can lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted file, potentially resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround There is no known workaround at this time. Resolution All elfutils users should upgrade to the latest version: References CVE-2014-0172