In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
2.30-21ubuntu1~18.04.82.34-6ubuntu1.42.38-4ubuntu2.12.24-5ubuntu14.2+esm62.26.1-1ubuntu1~16.04.8+esm5Exploitability
AV:LAC:LPR:NUI:RScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H