View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2019-12972 severity moderate: SUSE including 465 source package names (0.23.1-12.3:binutils-2.35-7.11.1, 0.23.1-12.3:libctf-nobfd0-2.35-7.11.1, …), 1365 product×package rows across 307 product lines (Container bci/bci-sle15-kernel-module-devel, Container bci/gcc, … (307 product lines)): Fixed 1132, Known Affected 231, Known Not Affected 2.
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.