CVE-2019-9076

CVE-2019-9076: In GNU Binutils’ Binary File Descriptor library (libbfd) distributed with Binutils 2.32, elf_read_notes in elf.c permits an excessive memory allocation. Connected advisories document the vulnerability in Binutils 2.32 and reference downstream fixes. The EulerOS/Gentoo GLSA entries ...

CVE-2019-9076

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elfreadnotes in elf.c...

CVE-2019-9077

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in processmipsspecific in readelf.c via a malformed MIPS option section...

CVE-2019-9070

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in dexpression1 in cp-demangle.c after many recursive calls...

CVE-2019-9077

CVE-2019-9077 : GNU Binutils 2.32 contains a heap-based buffer overflow in readelf.c (process_mips_specific) triggered by a malformed MIPS option section. Public sources describe potential outcomes as arbitrary code execution or denial of service. Affected users should upgrade Binutils to a non-v...

CVE-2019-9072

CVE-2019-9072 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. The issue is an attempted excessive memory allocation in setup_group() within elf.c, which can enable a denial-of-service through memory exhaustion when processing ELF files. Public advisori...

CVE-2019-9075

CVE-2019-9075 affects GNU Binutils 2.32 (libbfd) with a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (archive64.c). Multiple connected sources (Astra Linux, CNVD, Debian tracker, F5 advisory, Cloud Linux updates) confirm the vulnerability in the BFD library and describe potential...

CVE-2019-9073

CVE-2019-9073 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables (elf.c). This can impact availability (PARTIAL per CVSSv3), with local attack vector and no confidentiality/in...

CVE-2019-9074

CVE-2019-9074 affects the GNU Binutils Binary File Descriptor library (libbfd) bundled in Binutils 2.32. It is an out-of-bounds read in bfd_getl32 called from pei-x86_64.c, leading to a SEGV. Several connected advisories confirm impact on local attackers via crafted ELF/PE files and DoS, with pos...

CVE-2019-9074

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfdgetl32 in libbfd.c, when called from pex64getruntimefunction in pei-x8664.c...

CVE-2019-9075

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in bfdarchive64bitslurparmap in archive64.c...

CVE-2019-9077

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in processmipsspecific in readelf.c via a malformed MIPS option section...

CVE-2019-9073

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in bfdelfslurpversiontables in elf.c...

CVE-2019-9075

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in bfdarchive64bitslurparmap in archive64.c...

CVE-2019-9073

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in bfdelfslurpversiontables in elf.c...

CVE-2019-9074

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfdgetl32 in libbfd.c, when called from pex64getruntimefunction in pei-x8664.c...

PT-2019-6366 · Gnu +3 · Gnu Binutils +3

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.32 Description: The issue is a heap-based buffer over-read in the d expression 1 function in cp-demangle.c after many recursive calls. This can allow a remote attacker to access confidential data, compromise data...

The vulnerability of the sec_merge_hash_lookup function in the GNU Binutils development tool, related to incorrect checking of memory access boundaries, allows a hacker to trigger a service failure.

The vulnerability of the secmergehashlookup function in the GNU Binutils development tooling is related to improper checking of memory access boundaries, which can lead to reading beyond the buffer’s bounds, especially when the size of a segment is not a multiple of the size of a single record...

The vulnerability of the GNU Binutils development tool lies in its ability to perform an unlimited number of recursive calls for a group of functions, allowing an attacker to trigger a service failure.

The vulnerability of the GNU Binutils development tooling is related to the unlimited recursive execution of a set of functions demanglenestedargs, demangleargs, doarg, and dotype from the cplus-dem.c file. Exploiting this vulnerability could allow an attacker to trigger a service failure...

The vulnerability of the `parse_die` function in the GNU Binutils development environment allows a perpetrator to trigger a service failure.

The vulnerability of the parsedie function in the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure through an ELF file with corrupted debugging information in dwarf1...