PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-5033 Libdwarf Project CVE debrief

CVE-2016-5033 describes an out-of-bounds read in libdwarf’s print_exprloc_content function. According to NVD, a crafted file can trigger the issue in libdwarf versions before 2016-09-23, leading to a denial of service. The official severity is CVSS 6.5 (MEDIUM), with network reachability but user interaction required to process the malicious file.

Vendor
Libdwarf Project
Product
Libdwarf
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-17
Original CVE updated
2026-05-13
Advisory published
2017-02-17
Advisory updated
2026-05-13

Who should care

Teams that build, package, ship, or embed libdwarf; maintainers of tools that parse DWARF data; and defenders responsible for systems that ingest untrusted files containing debug information.

Technical summary

NVD classifies the weakness as CWE-125 (out-of-bounds read). The vulnerable code path is print_exprloc_content in libdwarf, and the issue is reachable through a crafted file. The NVD CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating no privileges are needed, but user interaction is required and availability impact is high.

Defensive priority

Medium priority. The issue is publicly documented and has a clear affected-version boundary, but it is not listed as a known KEV item in the supplied data. Prioritize if libdwarf is present in exposed file-processing workflows or if untrusted files are routinely opened or parsed.

Recommended defensive actions

  • Verify whether any deployed products or build pipelines use libdwarf versions earlier than 2016-09-23.
  • Upgrade to a libdwarf release at or after 2016-09-23, or apply the vendor-provided fix if you maintain a downstream package.
  • Reduce exposure by restricting which files can be submitted to libdwarf-based parsers and by validating untrusted inputs before parsing.
  • If you cannot upgrade immediately, place libdwarf-based processing behind user workflow controls and monitoring so malformed files are less likely to be opened unintentionally.
  • Track downstream distributions and embedded copies of libdwarf, not just the upstream package, because packaged libraries may lag behind upstream fixes.

Evidence notes

The vulnerability description and affected-version boundary come from the supplied NVD record for CVE-2016-5033. The record states: "The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." NVD also supplies CVSS 3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and CWE-125. Reference links in the corpus include an OSS-security mailing list patch post dated 2016-05-24, an OSS-security mailing list exploit-related post dated 2016-05-25, and a Prevanders advisory page.

Official resources

Publicly disclosed in the supplied NVD record on 2017-02-17, with supporting reference material dated May 2016.