PatchSiren

CVE-2016-5034 Libdwarf Project CVE debrief

CVE-2016-5034 is a denial-of-service vulnerability in libdwarf’s dwarf_elf_access.c. According to NVD and the CVE description, crafted input files can trigger an out-of-bounds write while processing relocation records. NVD maps the issue to CWE-787 and rates the impact as availability-only, with a network attack vector and user interaction required to open or process the file. The vulnerable version range in NVD ends before 2016-09-23.

Vendor: Libdwarf Project
Product: CVE-2016-5034
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-17
Original CVE updated: 2026-05-13
Advisory published: 2017-02-17
Advisory updated: 2026-05-13

Who should care

Organizations and developers that embed libdwarf or process untrusted DWARF/ELF files should care most, especially if files can be supplied by remote users, received by email, or handled by automated build, analysis, or ingestion pipelines. Systems still running libdwarf versions older than 2016-09-23 are in scope per NVD’s affected-version range.

Technical summary

The flaw is an out-of-bounds write in libdwarf’s dwarf_elf_access.c, associated with relocation record handling. A crafted file can provoke the memory corruption condition and crash the consuming process, resulting in denial of service. NVD classifies the weakness as CWE-787 and gives CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Defensive priority

Medium. Prioritize to high if libdwarf is exposed to untrusted file ingestion or runs in services that process attacker-controlled DWARF/ELF content.

Recommended defensive actions

  • Upgrade libdwarf to a version newer than 2016-09-23, per NVD’s affected-version range.
  • Inventory applications and services that parse DWARF/ELF content using libdwarf, including build systems and file-analysis tools.
  • Restrict processing of untrusted files to isolated, least-privilege environments where practical.
  • Add regression tests for malformed or truncated relocation records and other invalid DWARF/ELF inputs.
  • Monitor for unexpected crashes in file-parsing workflows and treat repeated parser failures as a security signal.
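
To give the regression tests for malformed or truncated relocation records something concrete to target, here is an added example of bounds-checked relocation handling. It is not libdwarf's code and not a reconstruction of the actual fix; the record layout (modelled on ELF64 Rela), the function names and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified relocation record (assumed layout, modelled on ELF64 Rela). */
struct rela_rec {
    uint64_t r_offset;   /* byte offset into the target section */
    uint64_t r_info;     /* symbol index in the upper 32 bits */
    int64_t  r_addend;
};

enum { RELOC_OK = 0, RELOC_TRUNCATED = -1, RELOC_BAD_OFFSET = -2, RELOC_BAD_SYMBOL = -3 };

/* Validate one record against the buffers it will index. */
static int check_rec(const struct rela_rec *r, size_t target_len, size_t nsyms)
{
    /* Written as a subtraction so r_offset + 8 cannot wrap around. */
    if (target_len < sizeof(uint64_t) || r->r_offset > target_len - sizeof(uint64_t))
        return RELOC_BAD_OFFSET;
    if ((r->r_info >> 32) >= nsyms)
        return RELOC_BAD_SYMBOL;
    return RELOC_OK;
}

/* Apply 64-bit relocations from an untrusted table to target[].
   Pass 0 validates every record; pass 1 writes. A rejected file
   therefore leaves target[] unmodified. */
int apply_relocs_checked(const uint8_t *tab, size_t tab_len,
                         uint8_t *target, size_t target_len,
                         const uint64_t *symvals, size_t nsyms)
{
    if (tab_len % sizeof(struct rela_rec) != 0)
        return RELOC_TRUNCATED;
    size_t n = tab_len / sizeof(struct rela_rec);
    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < n; i++) {
            struct rela_rec r;
            memcpy(&r, tab + i * sizeof r, sizeof r);   /* no alignment assumption */
            if (pass == 0) {
                int rc = check_rec(&r, target_len, nsyms);
                if (rc != RELOC_OK)
                    return rc;
            } else {
                uint64_t v = symvals[r.r_info >> 32] + (uint64_t)r.r_addend;
                memcpy(target + r.r_offset, &v, sizeof v);
            }
        }
    }
    return RELOC_OK;
}
```

Regression cases worth keeping next to a parser like this are a table whose length is not a multiple of the record size, an offset one byte past the last valid write position, an offset near the maximum 64-bit value, and a symbol index equal to the symbol count.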

Evidence notes

The CVE description states that dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted file, related to relocation records. NVD lists CWE-787 and an affected range ending before 2016-09-23. The reference set includes the CVE record, the NVD detail page, two Openwall oss-security posts from 2016-05-24 and 2016-05-25, and the prevanders.net advisory page.

Official resources

Publicly disclosed in 2016 reference material and later recorded in the CVE/NVD record published on 2017-02-17. NVD’s version data indicates the issue was fixed before 2016-09-23.