SUSE CVE-2016-2091

The dwarfreadciefdeprefix function in dwarfframe2.c in libdwarf 20151114 allows attackers to cause a denial of service out-of-bounds read via a crafted ELF object file...

SUSE CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiate...

SUSE CVE-2017-5330

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications...

SUSE CVE-2017-5332

The extractgroupiconcursorresource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service process crash and execute arbitrary code via a crafted executable...

SUSE CVE-2017-6420

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service use-after-free via a crafted PE file with WWPack compression...

SUSE CVE-2017-7610

The checkgroup function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file...

SUSE CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...

SUSE CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

SUSE CVE-2017-8421

The function coffsetalignmenthook in coffcode.h in Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dumprelocsinsection in objdump.c can...

SUSE CVE-2017-9039

GNU Binutils 2.28 allows remote attackers to cause a denial of service memory consumption via a crafted ELF file with many program headers, related to the getprogramheaders function in readelf.c...

SUSE CVE-2017-10708

An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file...

SUSE CVE-2017-13757

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to elfi386getsyntheticsymtab...

SUSE CVE-2017-14128

The decodelineinfo function in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service read1byte heap-based buffer over-read and application crash via a crafted ELF file...

SUSE CVE-2017-14939

decodelineinfo in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to...

SUSE CVE-2017-14974

The getsyntheticsymtab functions in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a...

SUSE CVE-2017-15020

dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted ELF file, related to parsedie and...

SUSE CVE-2017-15225

bfddwarf2cleanupdebuginfo in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service memory leak via a crafted ELF file...

SUSE CVE-2017-16828

The displaydebugframes function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service integer overflow and heap-based buffer over-read, and application crash or possibly have unspecified other impact via a crafted ELF file, related to printdebugframe...

SUSE CVE-2017-16832

The pebfdreadbuildid function in peicode.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service segmentation violation and applicatio...

SUSE CVE-2017-17122

The dumprelocsinsection function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service excessive memory allocation, or heap-based buffer overflow and application crash or possibly have unspecified other...