Lucene search

Arch LinuxASA-201606-23

HistoryJun 25, 2016 - 12:00 a.m.

libdwarf: arbitrary code execution

2016-06-2500:00:00

Arch Linux

lists.archlinux.org

0.004 Low

EPSS

Percentile

71.9%

JSON

CVE-2016-5027 (denial of service)

Multiple NULL pointer dereference issues in several functions of
libdwarf/dwarf_leb.c, where leb128_length was wrongly assumed non-NULL.

CVE-2016-5028 (denial of service)

NULL pointer dereference issue in print_frame_inst_bytes().

CVE-2016-5029 (denial of service)

NULL pointer dereference issue in create_fullest_file_path().

CVE-2016-5030 (denial of service)

NULL pointer dereference issue in _dwarf_calculate_info_section_end_ptr().

CVE-2016-5031 (denial of service)

Out-of-bounds read bug in print_frame_inst_bytes().

CVE-2016-5032 (denial of service)

Out-of-bounds read bug in dwarf_get_xu_hash_entry().

CVE-2016-5033 (denial of service)

Out-of-bounds read bug in print_exprloc_content().

CVE-2016-5034 (arbitrary code execution)

Invalid write in dwarf_elf_access.c.

CVE-2016-5035 (denial of service)

Out-of-bounds read bug in _dwarf_read_line_table_header().

CVE-2016-5036 (denial of service)

Out-of-bounds read bug in dump_block().

CVE-2016-5037 (denial of service)

NULL pointer dereference issue in _dwarf_load_section().

CVE-2016-5038 (denial of service)

NULL pointer dereference issue in dwarf_get_macro_startend_file().

CVE-2016-5039 (denial of service)

Out-of-bounds read bug in get_attr_value().

CVE-2016-5040 (denial of service)

Out-of-bounds read bug.

CVE-2016-5041 (denial of service)

NULL pointer dereference issue.

CVE-2016-5042 (denial of service)

Infinite loop leading to out-of-bounds read in dwarf_get_aranges_list().

CVE-2016-5043 (denial of service)

Out-of-bounds read bug in dwarf_dealloc().

CVE-2016-5044 (arbitrary code execution)

Heap-overflow.

OSVersionArchitecturePackageVersionFilename
anyanyanylibdwarf< 20160613-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	libdwarf	< 20160613-1	UNKNOWN

References

seclists.org/oss-sec/2016/q2/393

access.redhat.com/security/cve/CVE-2016-5027

access.redhat.com/security/cve/CVE-2016-5028

access.redhat.com/security/cve/CVE-2016-5029

access.redhat.com/security/cve/CVE-2016-5030

access.redhat.com/security/cve/CVE-2016-5031

access.redhat.com/security/cve/CVE-2016-5032

access.redhat.com/security/cve/CVE-2016-5033

access.redhat.com/security/cve/CVE-2016-5034

access.redhat.com/security/cve/CVE-2016-5035

access.redhat.com/security/cve/CVE-2016-5036

access.redhat.com/security/cve/CVE-2016-5037

access.redhat.com/security/cve/CVE-2016-5038

access.redhat.com/security/cve/CVE-2016-5039

access.redhat.com/security/cve/CVE-2016-5040

access.redhat.com/security/cve/CVE-2016-5041

access.redhat.com/security/cve/CVE-2016-5042

access.redhat.com/security/cve/CVE-2016-5043

access.redhat.com/security/cve/CVE-2016-5044

www.prevanders.net/dwarfbug.html

0.004 Low

EPSS

Percentile

71.9%

JSON

Related for ASA-201606-23