290 matches found

CVE
added 2017/03/29 3:0 p.m. | 78 views

CVE-2017-7304

CVE-2017-7304 affects the GNU Binutils BFD library (libbfd) as distributed in Binutils 2.28. The vulnerability is an invalid read (size 8) caused by a missing check for an invalid sh_link in copy_special_section_fields before following it, which can crash Binutils utilities such as strip. The pro...

CVSS 7.5 | AI score 6.9 | EPSS 0.02095
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/03/29 3:0 p.m. | 91 views

CVE-2017-7302

CVE-2017-7302 affects the Binary File Descriptor (BFD) library (libbfd) bundled with GNU Binutils 2.28. It describes an invalid read (size 4) in swap_std_reloc_out due to missing checks for unrecognised relocs, which can cause Binutils utilities like strip to crash. The provided documents do not ...

CVSS 7.5 | AI score 6.9 | EPSS 0.02376
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/03/29 3:0 p.m. | 83 views

CVE-2017-7303

CVE-2017-7303: The Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28 contains an invalid read of size 4 caused by a missing null-header check in find_link, which can cause Binutils utilities like strip to crash. The connected documents corroborate Binutils/BFD-related issues and...

CVSS 7.5 | AI score 6.9 | EPSS 0.02217
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/03/29 3:0 p.m. | 88 views

CVE-2017-7300

CVE-2017-7300 affects GNU Binutils (libbfd) in Binutils 2.28. The aout_link_add_symbols function (bfd/aoutx.h) allows a heap-based buffer over-read due to incomplete string-offset checks while loading symbols, leading to ld crashes. Public details in connected docs confirm the root cause and impa...

CVSS 7.5 | AI score 7.1 | EPSS 0.02366
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2017/03/22 4:0 p.m. | 73 views

CVE-2017-7226

CVE-2017-7226 concerns the Binary File Descriptor (BFD) library (GNU Binutils) as distributed in Binutils 2.28. The vulnerability arises in the pe_ILF_object_p function, where a heap-based buffer over-read of size 4049 can occur because strlen is used instead of strnlen. This can cause program cr...

CVSS 9.1 | AI score 6.8 | EPSS 0.02109
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2015/12/15 12:0 a.m. | 35 views

Amazon Linux AMI : binutils (ALAS-2015-620)

A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities. A buffer overflow flaw was found in the way various binutils utilities processed...

CVSS 7.5 | AI score 8.4 | EPSS 0.07486
Exploits: 7 | References: 9

RedHat Linux
added 2015/11/19 2:41 a.m. | 2 views

binutils: stack overflow in the SREC parser

A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application...

CVSS 7.5 | AI score 8 | EPSS 0.06202
Exploits: 1 | References: 4

Tenable Nessus
added 2015/02/10 12:0 a.m. | 31 views

Ubuntu 14.04 LTS : GNU binutils vulnerabilities (USN-2496-1)

"The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2496-1 advisory. Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could u...

CVSS 7.5 | AI score 8.5 | EPSS 0.07486
Exploits: 7 | References: 10

OSV
added 2015/02/09 9:39 p.m. | 1 views

USN-2496-1 binutils vulnerabilities

Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Böck...

CVSS 7.5 | AI score 7.6 | EPSS 0.07486
Exploits: 7 | References: 10

OSV
added 2014/12/09 11:59 p.m. | 2 views

DEBIAN-CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file...

CVSS 7.5 | AI score 8.1 | EPSS 0.07486
Exploits: 1 | References: 1

NVD
added 2014/12/09 11:59 p.m. | 15 views

CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file...

CVSS 7.5 | AI score 8.3 | EPSS 0.07486
Exploits: 1 | References: 15

Cvelist
added 2014/12/09 10:52 p.m. | 24 views

CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file...

AI score 8.8 | EPSS 0.07486
Exploits: 1 | References: 15

CVE
added 2014/12/09 10:52 p.m. | 101 views

CVE-2014-8485

CVE-2014-8485 concerns GNU Binutils’ libbfd (setup_group in bfd/elf.c). Affected: Binutils 2.24 and earlier. Issue: missing range checks in the ELF section group headers allow a remote attacker to crash the process or potentially execute arbitrary code. Impact: denial of service and possible code...

CVSS 7.5 | AI score 8.7 | EPSS 0.07486
Exploits: 1 | References: 15 | Affected Software: 1

Debian CVE
added 2014/12/09 10:52 p.m. | 24 views

CVE-2014-8485

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file...

CVSS 7.5 | AI score 8.3 | EPSS 0.07486
Exploits: 1

UbuntuCve
added 2014/12/09 12:0 a.m. | 38 views

CVE-2014-8501

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable...

CVSS 7.5 | AI score 7 | EPSS 0.0516
Exploits: 1 | References: 4

ArchLinux
added 2014/11/19 12:0 a.m. | 42 views

arm-none-eabi-binutils: multiple issues

- CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd.
- CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...

CVSS 7.5 | AI score 4.6 | EPSS 0.07486
Exploits: 7 | References: 11

ArchLinux
added 2014/11/19 12:0 a.m. | 44 views

mingw-w64-binutils: multiple issues

- CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd.
- CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...

CVSS 7.5 | AI score 4.6 | EPSS 0.07486
Exploits: 7 | References: 11

ArchLinux
added 2014/11/19 12:0 a.m. | 35 views

binutils: multiple issues

- CVE-2014-8484 (invalid read): Invalid read flaw leads to denial of service while parsing specially crafted files in programs using libbfd.
- CVE-2014-8485 (out-of-bounds write): Lack of range checking leading to controlled write in _bfd_elf_setup_sections which results in denial of service or possible code...

CVSS 7.5 | AI score 4.5 | EPSS 0.07486
Exploits: 7 | References: 11

seebug.org
added 2014/11/13 12:0 a.m. | 194 views

Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash

No description provided by source. Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans t...

CVSS 10 | AI score 7.8 | EPSS 0.64326
Exploits: 16

securityvulns
added 2014/11/03 12:0 a.m. | 24 views

libbfd memory corruptions

Memory corruptions on ELF parsing...

AI score 4.1
Exploits: 0 | References: 1