PatchSiren cyber security CVE debrief

CVE-2015-8750 Libdwarf Project CVE debrief

CVE-2015-8750 is a denial-of-service vulnerability in libdwarf 20151114 and earlier. According to NVD, a remote attacker can trigger a NULL pointer dereference and crash by supplying an ELF file whose debug_abbrev section is marked NOBITS. The issue is classified as CWE-476 and has a CVSS v3.1 score of 6.5 (Medium), reflecting network attack conditions but requiring user interaction to process the malicious file.

Vendor: Libdwarf Project
Product: CVE-2015-8750
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

Teams that build, package, or embed libdwarf; maintainers of tools that parse ELF binaries or DWARF debug data; and operators of services that accept untrusted files for inspection, indexing, or analysis.

Technical summary

NVD lists libdwarf_project:libdwarf versions from 1999-12-14 through 2015-11-14 as vulnerable. The flaw is a NULL pointer dereference reachable when libdwarf parses an ELF file containing a debug_abbrev section marked NOBITS, which can lead to a process crash. NVD maps the weakness to CWE-476 and rates impact as availability-only (C/I:N, A:H).

Defensive priority

Medium. The issue can crash parsing workflows, but NVD does not indicate code execution or data corruption. Prioritize if libdwarf is used on untrusted or externally supplied ELF files, or if crashes would disrupt build, triage, or analysis pipelines.

Recommended defensive actions

Upgrade libdwarf to a version newer than 2015-11-14, or apply the upstream fix referenced in the public patch/issue trail.
If you vendor libdwarf from source, verify your build includes the fix associated with the referenced commit and release notes.
Treat ELF and DWARF inputs as untrusted; isolate parsers in a sandbox or separate process to limit crash impact.
Add regression tests or fuzz cases for malformed ELF files, including debug_abbrev sections marked NOBITS.
Monitor for crashes or abnormal exits in any service that ingests third-party binaries or debug information.

Evidence notes

This debrief is based on the official NVD CVE record and the references listed there. NVD states the vulnerable range is through 2015-11-14 and identifies the issue as a NULL pointer dereference caused by a debug_abbrev section marked NOBITS in an ELF file. The reference trail includes an oss-security mailing list thread dated 2016-01-07, a Red Hat Bugzilla issue, and a GitHub commit reference associated with the fix. The CVE was published in NVD/CVE records on 2017-02-13; the later 2026-05-13 NVD modification is a database update, not the original disclosure date.

Official resources

CVE-2015-8750 CVE record
CVE.org
CVE-2015-8750 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Mailing List, Patch, Third Party Advisory
Mitigation or vendor reference
[email protected] - Issue Tracking, Third Party Advisory
Mitigation or vendor reference
[email protected] - Broken Link, Issue Tracking, Patch, Third Party Advisory

Publicly disclosed in the CVE/NVD record on 2017-02-13. The reference trail in the CVE record shows patch and issue-tracking activity in January 2016.