PatchSiren cyber security CVE debrief

CVE-2016-5039 Libdwarf Project CVE debrief

CVE-2016-5039 is a high-severity out-of-bounds read in libdwarf’s get_attr_value path. When libdwarf processes a crafted object with all bits set, the flaw can trigger a denial of service. NVD lists affected libdwarf versions as ending before 2016-09-23, and the public references show the patch/advisory discussion was already public in May 2016, before the CVE record was published in February 2017.

Vendor: Libdwarf Project
Product: CVE-2016-5039
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-17
Original CVE updated: 2026-05-13
Advisory published: 2017-02-17
Advisory updated: 2026-05-13

Who should care

Organizations that ship or embed libdwarf should care, especially if the library is used to parse DWARF data from untrusted or attacker-controlled files. Security teams should also review downstream packages that vendor libdwarf and any services that expose parsing of external inputs.

Technical summary

The vulnerability is tracked as CWE-125 (out-of-bounds read). NVD describes the issue as affecting libdwarf before 20160923, with the vulnerable function identified as get_attr_value. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates a remotely reachable availability impact, consistent with a crash or service disruption during parsing of a crafted object.

Defensive priority

High. The base score is 7.5 and the impact is availability-only but severe. Prioritize remediation wherever libdwarf can be reached by untrusted input, and especially in network-facing or automated processing pipelines that parse external DWARF objects.

Recommended defensive actions

  • Upgrade libdwarf to a version newer than 2016-09-23, which NVD lists as the vulnerable-version cutoff.
  • Inventory applications and packages that depend on libdwarf, including vendored copies, and confirm whether they process untrusted input.
  • If immediate upgrade is not possible, restrict or validate any externally supplied DWARF/object files before they reach libdwarf parsing code.
  • Add crash monitoring and input-source logging around any service that uses libdwarf so malformed-file handling can be detected quickly.
  • Recheck downstream distributions and rebuilds for bundled libdwarf copies, since the issue may persist in repackaged software even after upstream fixes.
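
The inventory and recheck steps above can be scripted as a first-pass triage. The following is an added example, not code from the libdwarf project or from this page's source; it assumes a hypothetical three-column inventory (owner, package, version) and date-style YYYYMMDD version stamps, and compares them against the 20160923 cutoff quoted from NVD. Rows without a date stamp are reported as unknown for manual review rather than assumed safe.

```python
import re

# NVD range quoted on this page: libdwarf before 20160923 is affected.
CUTOFF = 20160923

# Date-style version stamp (YYYYMMDD) anywhere in the string, so packaging
# decorations such as "1:20160507-1+b1" still parse.
_STAMP = re.compile(r"(?<!\d)(20\d{2})(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])(?!\d)")

def classify(version):
    """Return 'affected', 'not-affected', or 'unknown' for a version string."""
    m = _STAMP.search(version)
    if m is None:
        return "unknown"  # no date stamp: needs manual review, never assume safe
    return "affected" if int("".join(m.groups())) < CUTOFF else "not-affected"

def triage(inventory):
    """Return (owner, package, version, status) for every libdwarf row."""
    rows = []
    for raw in inventory.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 3:
            continue  # blank, comment-only, or malformed line
        owner, package, version = fields
        if "libdwarf" in package.lower():
            rows.append((owner, package, version, classify(version)))
    # Affected first, then unknown, so the urgent rows lead the report.
    order = {"affected": 0, "unknown": 1, "not-affected": 2}
    return sorted(rows, key=lambda r: order[r[3]])

# Constructed sample inventory (hypothetical owners and versions).
SAMPLE = """\
# owner            package            version
build-image-a      libdwarf-dev       1:20160507-1
crash-symbolizer   libdwarf           20160923
ingest-worker      libdwarf1          20161124-1+b1
legacy-tool        vendored/libdwarf  snapshot
web-frontend       zlib               1.2.8
"""

if __name__ == "__main__":
    for owner, package, version, status in triage(SAMPLE):
        print(f"{status:13} {owner:18} {package:18} {version}")
```

A distribution may backport the fix into a package that keeps an older date stamp, so an "affected" result should be confirmed against the distribution's own advisory for that package.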

Evidence notes

Evidence comes from the official NVD record, which classifies the weakness as CWE-125 and lists the affected range ending before 2016-09-23, plus the referenced Openwall mailing-list posts and the prevanders.net advisory entry. The referenced mailing-list items are dated 2016-05-24 and 2016-05-25, showing that patch/advisory discussion predates the CVE publication date of 2017-02-17. The NVD record was last modified on 2026-05-13, which should not be confused with the original vulnerability disclosure date.

Official resources

The CVE record was published on 2017-02-17 and last modified on 2026-05-13. The referenced public discussion and patch/advisory material dates to May 2016, while NVD’s affected-version cutoff indicates remediation before 2016-09-23.