A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.
The product calls free() twice on the same memory address.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Binutils | Gnu | 2.35 (including) | 2.35 (including) |
| Binutils | Ubuntu | trusty | * |