CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

CVE-2019-7665

CVE-2019-7665 affects elfutils 0.175, where a heap-based buffer over-read in elf32_xlatetom.c (libelf) can trigger a crash/DoS when processing crafted ELF input, due to malformed core file notes not being rejected. Upstream remediation is in elfutils 0.176; several advisories (Arch Linux ASA-2019...

CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...

CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

CVE-2019-7664

CVE-2019-7664 affects elfutils 0.175: a negative-sized memcpy in libelf/note_xlate.h (elf_cvt_note) due to an incorrect overflow check can cause a segmentation fault and denial of service when processing crafted ELF input. Upstream fix is in elfutils 0.176; several advisories (Arch Linux ASA-2019...

UBUNTU-CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

Photon OS 1.0: Elfutils PHSA-2019-1.0-0204

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0204. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Elfutils PHSA-2018-1.0-0194

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0194. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 2.0: Elfutils PHSA-2018-2.0-0108

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0108. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2019-7146

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

Design/Logic Flaw

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

Code injection

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

ALPINE-CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

CVE-2019-7148

An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...

CVE-2019-7146

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

UBUNTU-CVE-2019-7148

An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...

CVE-2019-7148

An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...

DEBIAN-CVE-2019-7146

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

CVE-2019-7149

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...