avr-binutils: multiple issues

2014-11-19T00:00:00
ID ASA-201411-20
Type archlinux
Reporter Arch Linux
Modified 2014-11-19T00:00:00

Description

  • CVE-2014-8484 (invalid read) Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd.

  • CVE-2014-8485 (out-of-bounds write) Lack of range checking leading to controlled write in _bfd_elf_setup_sections() which results in denial of service or possible code execution in programs using libbfd.

  • CVE-2014-8501 (out-of-bounds write) Out-of-bounds write when parsing specially crafted PE executable leads to denial of service in "strings", "nm" and "objdump".

  • CVE-2014-8502 (heap overflow) Heap buffer overflow when parsing specially crafted PE executable leads to denial of service in "objdump".

  • CVE-2014-8503 (stack overflow) Stack overflow in "objdump" when parsing specially crafted ihex files leads to denial of service or code execution.

  • CVE-2014-8504 (stack overflow) Stack overflow in the SREC parser leads to denial of service or code execution when parsing specially crafted files.

  • CVE-2014-8737 (directory traversal) Directory traversal vulnerability allowing arbitrary file deletion and creation.

  • CVE-2014-8738 (out-of-bounds write) Out-of-bounds memory write while processing a crafted "ar" archive leads to denial of service in "objdump".