[cesarb]

There's also readelf:

$ readelf -d /bin/ls

[...] Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libselinux.so.1] 0x0000000000000001 (NEEDED) Shared library: [libcap.so.2] 0x0000000000000001 (NEEDED) Shared library: [libacl.so.1] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] [...]

I don't know how careful readelf is with its input validation.

[fabulist]

The article mentions readelf as using the same buggy library :(

[kayamon]

readelf specifically doesn't use BFD - one of it's majors reasons for existence is to validate libbfd.

[fabulist]

Hmm, my mistake. You're completely correct.

From the readelf man page:

      This program performs a similar function to objdump but it goes into
      more detail and it exists independently of the BFD library,
      so if there is a bug in BFD then readelf will not be affected.