17 matches found
Oracle Linux 8 : gcc-toolset-14-binutils (ELSA-2026-2627)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2627 advisory. 2.41-3.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130636 Thu Feb 20 2025 Nick Clifton - Backport fixes for PR 32082 and P...
gcc-toolset-14-binutils security update
2.41-3.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130636 Thu Feb 20 2025 Nick Clifton - Backport fixes for PR 32082 and PR 32153 in order to fix the PR 20267 linker tests. 2.41-3 - NVR Bump to allow rebuilding with GTS-14 gcc. RHEL-53519 2.41-2 - Fix s390x...
Oracle Linux 9 : gcc-toolset-15-binutils (ELSA-2026-1359)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1359 advisory. 2.44-3.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130674 Tenable has extracted the preceding description block directly...
gcc-toolset-15-binutils security update
2.44-3.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130674...
gcc-toolset-14-binutils security update
2.41-5.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130669...
Oracle Linux 9 : gcc-toolset-14-binutils (ELSA-2026-0052)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0052 advisory. 2.41-5.1 - Fix a potential illegal memory access when linking a corrupt input file. RHEL-130669 Tenable has extracted the preceding description block directly...
gcc-toolset-13-binutils security update
2.40-21.0.1.1 - Forward-port Oracle patches to 2.40-21.1. - CVE-2025-11083 - Reviewed-by: David Faust Oracle history: April-02-2024 Jose E. Marchesi - 2.40-21.0.1 - Forward-port Oracle patches to 2.40-21. - Reviewed-by: Cupertino Miranda December-15-2023 Jose E. Marchesi - 2.40-13.0.1 - libctf,...
OpenEXR < 3.4.3 -- multiple vulnerabilities
Cary Phillips reports: Patch release that addresses several bugs, primarily involving properly rejecting corrupt input data. He goes on to report various relevant items including heap buffer overflows, use-after-free, use of uninitialized memory and other bugs, several of them found by OSS-fuzz,...
EUVD-2017-16003
Malware in sbrugna...
Heap overflow
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow...
UBUNTU-CVE-2017-6965
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow...
DEBIAN-CVE-2017-6965
readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow...
Fedora 20 : ufraw-0.19.2-10.fc20 (2013-22832)
This update hardens ufraw against corrupt input files which might trigger a division by zero, an infinite loop, or a NULL pointer dereference otherwise. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempt...
Fedora 19 : ufraw-0.19.2-10.fc19 (2013-22924)
This update hardens ufraw against corrupt input files which might trigger a division by zero, an infinite loop, or a NULL pointer dereference otherwise. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempt...
Fedora 18 : ufraw-0.19.2-10.fc18 (2013-22899)
This update hardens ufraw against corrupt input files which might trigger a division by zero, an infinite loop, or a NULL pointer dereference otherwise. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempt...
CVE-2012-0823
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks"...
CVE-2012-0823
VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks"...