PatchSiren cyber security CVE debrief

CVE-2016-5036 Libdwarf Project CVE debrief

CVE-2016-5036 is a high-severity libdwarf vulnerability in the dump_block function in print_sections.c. When libdwarf processes crafted frame data, the bug can trigger an out-of-bounds read and crash the program, resulting in denial of service. NVD rates the issue CVSS 3.1 7.5 (HIGH), with no privileges or user interaction required and availability impact only. The vulnerable version range in NVD ends before 2016-09-23.

Vendor: Libdwarf Project
Product: CVE-2016-5036
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-17
Original CVE updated: 2026-05-13
Advisory published: 2017-02-17
Advisory updated: 2026-05-13

Who should care

Administrators and developers using libdwarf directly or through downstream tools that parse untrusted DWARF or frame data should care most. Security teams for Linux distributions, build systems, crash-analysis tools, and any software that embeds libdwarf should prioritize verification and updates.

Technical summary

The flaw is classified as CWE-125 (out-of-bounds read). According to NVD, the vulnerable CPE covers libdwarf versions from 1999-12-14 up to, but not including, 2016-09-23. The issue is described as a remote denial-of-service condition caused by crafted frame data reaching dump_block in print_sections.c. NVD’s CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Defensive priority

High for any environment that may process attacker-controlled or externally supplied DWARF/frame data. Because the impact is availability-only but reachable without authentication or user interaction, patching or replacement should be treated as a near-term maintenance priority.

Recommended defensive actions

Upgrade libdwarf to a version at or after 2016-09-23, since NVD marks earlier versions as vulnerable.
Inventory products and build dependencies that bundle or link against libdwarf, including indirect dependencies.
Treat untrusted DWARF/frame data as attacker-controlled input and limit exposure where practical.
Re-test any tooling that parses crash dumps, binaries, or frame information after updating libdwarf.
Monitor downstream vendor advisories or release notes if your platform packages libdwarf separately.

Evidence notes

The CVE description and NVD metadata identify the issue as an out-of-bounds read in dump_block within print_sections.c, affecting libdwarf before 2016-09-23. NVD lists CWE-125 and a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Public reference links include oss-security posts on 2016-05-24 and 2016-05-25, plus a third-party advisory at prevanders.net. This debrief uses the supplied CVE published date of 2017-02-17 for publication context and does not treat that as the time the bug was introduced or discovered.

Official resources

CVE-2016-5036 CVE record
CVE.org
CVE-2016-5036 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Mailing List, Patch, Third Party Advisory
Mitigation or vendor reference
[email protected] - Exploit, Mailing List, Third Party Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry

Public references linked from the CVE point to oss-security posts dated 2016-05-24 and 2016-05-25, while the CVE record itself was published on 2017-02-17. Use the published date for record context only; the vulnerability existed earlier in