CLSA-2026-1779266445 binutils: Fix of 4 CVEs

CVE-2026-3441: XCOFF linker XTYLD xscnlen out-of-bounds read - CVE-2026-3442: XCOFF linker rsymndx out-of-bounds read in objxcoffsymhashes - CVE-2025-7545: objcopy heap buffer overflow on --interleave with crafted small input - CVE-2025-5245: objdump SEGV / NULL deref in debugtypesamep and...

CLSA-2026-1779093100 binutils: Fix of 6 CVEs

CVE-2022-38533: fix heap buffer overflow in bfdgetl32 from stripmain with crafted COFF file - CVE-2022-47007: fix memory leak in stabdemanglev3arg in stabs.c - CVE-2022-47008: fix memory leak in maketempdir and maketempname in bucomm.c - CVE-2022-47010: fix memory leak in prfunctiontype in...

CLSA-2026-1777949670 binutils: Fix of 8 CVEs

CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing - CVE-2025-3198: fix memory leak...

CLSA-2026-1775726631 binutils: Fix of 9 CVEs

CVE-2023-1972: fix heap buffer overflow in bfdelfslurpversiontables - CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL...

EUVD-2026-14435

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

GNU BinUtils 缓冲区错误漏洞

GNU BinUtils is a set of programming tools for processing binary files in the GNU community in the United States. The GNU Binutils contain a buffer error vulnerability, which stems from handling specially crafted XCOFF object files and may lead to information leakage...

CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

CLSA-2025-1765289777 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

USN-7894-1: EDK II vulnerabilities

It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. CVE-2023-45236, CVE-2023-45237 It was discovered that EDK II...

EUVD-2025-147859

Malicious code in tehah-coff-brew npm...

EUVD-2017-4023

Malware in sbrugna...

EUVD-2017-8289

Malware in sbrugna...

EUVD-2023-42875

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-17123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The coffslurpreloctable function in coffcode.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote...

Linux Distros Unpatched Vulnerability : CVE-2017-17121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service memory access...

Linux Distros Unpatched Vulnerability : CVE-2017-12451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bfdxcoffreadarhdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils...

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

kernel: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

...