CVE-2021-35495: 
TIBCO JasperReports Server vulnerability analysis and mitigation

A vulnerability exists in GNU binutils versions prior to 2.34, specifically in the /bfd/pef.c file. The vulnerability is tracked as CVE-2020-35495 and was discovered in December 2020 (NVD).

The vulnerability is a NULL pointer dereference flaw that occurs when processing crafted input files with the objdump program. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD).

The primary impact of this vulnerability is on application availability. When successfully exploited, it can cause the objdump program to crash, leading to a denial of service condition. The vulnerability does not affect confidentiality or integrity of the system (Red Hat Bugzilla).

The vulnerability has been fixed in GNU binutils version 2.34 and later. Users are advised to upgrade to the latest version of binutils. Multiple vendors have released security advisories and patches, including Red Hat, Fedora, Gentoo, and NetApp (NetApp Advisory).