Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-x83a-7tj6-2fcp
Vulnerability ID VCID-x83a-7tj6-2fcp
Aliases CVE-2012-3509
Summary libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-190 Integer Overflow or Wraparound
CWE-122 Heap-based Buffer Overflow
CWE-189 Numeric Errors
System Score Found at
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
epss 0.01748 https://api.first.org/data/v1/epss?cve=CVE-2012-3509
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-3509
Reference id Reference type URL
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3509.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3509
http://security-tracker.debian.org/tracker/CVE-2012-3509
https://exchange.xforce.ibmcloud.com/vulnerabilities/78135
http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
http://www.openwall.com/lists/oss-security/2012/08/29/3
http://www.securityfocus.com/bid/55281
http://www.ubuntu.com/usn/USN-2496-1
688951 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688951
849693 https://bugzilla.redhat.com/show_bug.cgi?id=849693
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVE-2012-3509 https://nvd.nist.gov/vuln/detail/CVE-2012-3509
USN-2496-1 https://usn.ubuntu.com/2496-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3509
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.8247
EPSS Score 0.01748
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T14:54:26.991300+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3509.json 38.0.0