The vulnerability of the `dump_relocs_in_section` function in the `objdump.c` component of the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the dumprelocsinsection function in the objdump.c component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the bfd_getl32 function in the libbfd.c component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the bfdgetl32 function in the libbfd.c component of the GNU Binutils development environment involves reading data beyond the acceptable buffer size. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created PE file...

CLSA-2023-1696880132 binutils: Fix of CVE-2020-19726

CVE-2020-19726: Fix parsing a corrupt PE format file...

CLSA-2023-1696879225 binutils: Fix of CVE-2020-19726

CVE-2020-19726: Fix parsing a corrupt PE format file...

CLSA-2023-1696351864 Fix CVE(s): CVE-2020-19726, CVE-2020-19724, CVE-2020-21490, CVE-2020-35342

SECURITY UPDATE: uninitialized-heap vulnerability in function tic4xprintcond in file opcodes/tic4x-dis.c - debian/patches/CVE-2020-35342.patch: Init all of condtable - CVE-2020-35342 SECURITY UPDATE: a memory consumption issue in getdata function in binutils/nm.c -...

CVE-2023-43760

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure...

CVE-2023-42523

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security fo...

PortEx - Java Library To Analyse Portable Executable Files With A Special Focus On Malware Analysis And PE Malformation Robustness

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header,...

CVE-2023-2226

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...

Velocidex Velociraptor 缓冲区错误漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based state information. A security vulnerability exists in Velocidex Velociraptor versions prior to 0.6.8 that stems from insufficient validation of the PE and OLE parsers,...

PortexAnalyzerGUI - Graphical Interface For PortEx, A Portable Executable And Malware Analysis Library

Graphical interface for PortEx, a Portable Executable and Malware Analysis Library Download Releases page Features Header information from: MSDOS Header, Rich Header, COFF File Header, Optional Header, Section Table PE Structures: Import Section, Resource Section, Export Section, Debug Section...

K6804: ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

SUSE CVE-2006-4182

Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service scanning service crash and execute arbitrary code via a crafted Portable Executable PE file that leads to a heap-based buffer overflow when less memory is allocated...

SUSE CVE-2008-0318

Integer overflow in the cliscanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow...

SUSE CVE-2014-8501

The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable...

SUSE CVE-2014-8502

Heap-based buffer overflow in the peprintedata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service crash and possibly have other unspecified impact via a truncated export table in a PE file...

SUSE CVE-2017-6420

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service use-after-free via a crafted PE file with WWPack compression...

SUSE CVE-2017-8421

The function coffsetalignmenthook in coffcode.h in Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dumprelocsinsection in objdump.c can...

SUSE CVE-2017-16832

The pebfdreadbuildid function in peicode.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service segmentation violation and applicatio...

SUSE CVE-2017-17122

The dumprelocsinsection function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service excessive memory allocation, or heap-based buffer overflow and application crash or possibly have unspecified other...