CLSA-2026-1777949670 binutils: Fix of 8 CVEs

CVE-2025-11412: fix out-of-bounds read in bfdelfgcrecordvtentry - CVE-2025-11413: fix out-of-bounds read in elflinkaddobjectsymbols - CVE-2025-11839: fix abort in tgtagtype with fuzzed input - CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing - CVE-2025-3198: fix memory leak...

CVE-2025-69648

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...

CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort SIGABR...

CVE-2025-69644

Binutils CVE-2025-69644 affects the objdump tool prior to version 2.46. A logic flaw in processing DWARF location list headers, together with malformed debug information in a crafted binary, can trigger a denial-of-service via an unbounded loop and endless output, enabling a local attacker to cau...

Improper Validation of Specified Index, Position, or Offset in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input through the processing of crafted DWARF debug information in objdump. An attacker can cause a denial of service by supplying specially crafted input files. Remediation...

CVE-2025-69646

Binutils objdump is affected by a denial-of-service due to a logic error in handling the DWARF debug_rnglists header. A crafted input file can trigger repeated warning messages and an unbounded logging loop, causing excessive CPU and I/O usage and preventing completion of the objdump analysis. Th...

gcc-toolset-14-dwz bug fix and enhancement update

An update is available for gcc-toolset-14-dwz. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dwz package contains a program that attempts to optimize DWARF...

[SECURITY] Fedora 40 Update: libdwarf-0.9.2-1.fc40

Library to access the DWARF debugging file format which supports source level debugging of a number of procedural languages, such as C, C++, and Fortran. Please see http://www.dwarfstd.org for DWARF specification...

OESA-2024-1434 libdwarf security update

Libdwarf is a library of functions to provide read/write DWARF debugging records. Security Fixes: A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to deallocfree an allocation twice, potentially causing unpredictable and various...

Fedora: Security Advisory for libdwarf (FEDORA-2022-273a86adf0)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for rust-gimli (FEDORA-2021-1805eacb48)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: rust-gimli-0.25.0-1.fc34

Library for reading and writing the DWARF debugging format...

UBUNTU-CVE-2017-9778

GNU Debugger GDB 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB...

libdwarf heap buffer overflow vulnerability (CNVD-2016-11348)

libdwarf is a set of tools for reading and writing DWARF2 debugging information. A heap buffer overflow vulnerability exists in libdwarf. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application...

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

GDB buffer overflow

Buffer overflow in the 1 DWARF dwarfread.c and 2 DWARF2 dwarf2read.c debugging code in GNU Debugger GDB 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block DWFORMblock that contains a large number of operations...

CVE-2006-4146

Buffer overflow in the 1 DWARF dwarfread.c and 2 DWARF2 dwarf2read.c debugging code in GNU Debugger GDB 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block DWFORMblock that contains a large number of operations...

DEBIAN-CVE-2006-4146

Buffer overflow in the 1 DWARF dwarfread.c and 2 DWARF2 dwarf2read.c debugging code in GNU Debugger GDB 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block DWFORMblock that contains a large number of operations...