CVE-2022-38533: Heap overflow in BFD compressed section decompression

01dcaad2-cd12-4cb4-9d0e-c56b304cdc3c

A heap buffer overflow vulnerability exists in binutils BFD library when processing compressed ELF sections. When decompressing a section marked with SHF_COMPRESSED flag, if the compressed_size field in the section header is smaller than the compression header size (typically 12 bytes), an integer underflow occurs during size calculation, causing the decompression function to read far beyond the allocated buffer boundary.

Node Details

Public graph metadata

Updated5/1/2026

Connections

6 linked nodes

PERTAIN_TODomain

Stack Buffer Overflow

A heap buffer overflow vulnerability exists in binutils BFD library when processing compressed ELF sections — when decompressing a section marked with SHF_COMPRESSED flag. Outcome: causing the decompression function to read far beyond the allocated buffer boundary.

DESCRIBES_SOLUTIONSolution

The fix is to validate that sec->compressed_size is at least as large as compression_header_size before performing the subtraction. — after line 332. Outcome: If this condition is not met, the decompression should be aborted with an appropriate error.

IDENTIFIESRootCause

in bfd/compress.c in the bfd_get_full_section_contents function. Tension: Without validation that sec->compressed_size >= compression_header_size, an unsigned integer underflow can occur. Outcome: resulting in a very large value being passed to decompress_contents.

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info