CVE-2026-6845

A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service DoS by tricking a user into processing a specially crafted Executable and Linkable Format ELF file. The exploitation of this flaw can lead to the system...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the readelf process. An attacker can cause the application to crash or exhaust system resources by convincing a user to process a specially crafted ELF file. Workaround This vulnerability can be mitigated by...

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

...

Linux Distros Unpatched Vulnerability : CVE-2017-16805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file, related to...

OESA-2025-1853 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...

SUSE CVE-2017-16828

The displaydebugframes function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service integer overflow and heap-based buffer over-read, and application crash or possibly have unspecified other impact via a crafted ELF file, related to printdebugframe...

SUSE CVE-2018-17358

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. An invalid memory access exists in bfdstabsectionfindnearestline in syms.c. Attackers could leverage this vulnerability to cause a denial of service application crash via a crafted E...

PT-2022-24621 · Toaruos · Toaruos

Name of the Vulnerable Software and Affected Versions: ToaruOS version 2.0.1 Description: The issue allows for remote code execution when a crafted ELF file is parsed, due to a global overflow in the readelf component. Recommendations: For ToaruOS version 2.0.1, consider avoiding the use of reade...

DEBIAN-CVE-2020-24821

A vulnerability in the dwarf::cursor::skipform function of Libelfin v0.3 allows attackers to cause a denial of service DOS through a segmentation fault via a crafted ELF file...

binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash

The swapstdrelocin function in aoutx.h in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service aout32swapstdrelocout NULL pointer dereference and application crash via a crafted ELF file, as demonstrated by...

DEBIAN-CVE-2018-10360

The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...

Netwide Assembler Buffer Overflow Vulnerability

Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. A stack buffer out-of-bounds read vulnerability exists in the 'disasm' function of the disasm/disasm.c file in NASM version 2.13. A remote attacker can exploit this vulnerability to cause a denial of...

UBUNTU-CVE-2017-14939

decodelineinfo in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to...

PT-2011-3362 · Red Hat · Systemtap +1

Name of the Vulnerable Software and Affected Versions: SystemTap version 1.4 Description: The issue allows local users to cause a denial of service, resulting in a divide-by-zero error and OOPS, by utilizing a crafted ELF program with DWARF expressions that are not properly handled by a stap scri...