The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service via a crafted dwarf file.