Lucene search

255 matches found

UbuntuCve
added 2026/04/09 5:16 p.m. | 0 views

CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe_page_hash_calc. When processing PE sections for page hashing, the function uses...

CVSS 5.5 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 4
CVE
added 2026/04/09 4:3 p.m. | 13 views

CVE-2026-39856

osslsigncode (before 2.13) has an out-of-bounds read in PE page-hash calculation (pe_page_hash_calc) when processing PE sections. The code uses PointerToRawData and SizeOfRawData from section headers without ensuring the referenced region lies within the mapped file, allowing an attacker to craft...

CVSS 5.5 | AI score 6 | EPSS 0.00143
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/04/09 12:0 a.m. | 4 views

PT-2026-31646

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe_page_hash_calc. When page hash processing is performed on a PE file, the function...

CVSS 5.5 | AI score 6.1 | EPSS 0.00143
Exploits: 0 | References: 4
CNNVD
added 2026/04/09 12:0 a.m. | 5 views

osslsigncode numeric error vulnerability

Osslsigncode is a small tool developed by Michał Trojnara as an individual project. It implements some functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to version 2.13 contained a numerical error vulnerability. This vulnerability stemmed from the PE page hash calculati...

CVSS 5.5 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 3
Packet Storm News
added 2026/04/04 12:0 a.m. | 0 views

Explainability-Guided Adversarial Attacks on Transformer-Based Malware Detectors Using Control Flow Graphs

Transformer-based malware detection systems operating on graph modalities such as control flow graphs (CFGs) achieve strong performance by modeling structural relationships in program behavior. However, their robustness to adversarial evasion attacks remains underexplored. This paper examines the...

AI score 5.9
Exploits: 0
Packet Storm News
added 2026/03/27 12:0 a.m. | 0 views

Machine Learning Transferability for Malware Detection

Malware continues to be a predominant operational risk for organizations, especially when obfuscation techniques are used to evade detection. Despite the ongoing efforts in the development of Machine Learning (ML) detection approaches, there is still a lack of feature compatibility in public...

AI score 5.8
Exploits: 0
F5 Networks
added 2026/03/03 4:20 p.m. | 7 views

K000160212: Binutils vulnerability CVE-2025-66865

Security Advisory Description: An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66865 Impact: There is no impact; F5 products are not affected by this vulnerability. Security Adviso...

CVSS 7.5 | AI score 5.9 | EPSS 0.00323
Exploits: 1
F5 Networks
added 2026/02/03 4:32 p.m. | 8 views

K000159856: Binutils vulnerability CVE-2025-66862

Security Advisory Description: A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66862 Impact: An attacker can exploit this vulnerability to trigger a heap-based buffer over-read in...

CVSS 7.5 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | Affected Software: 2
RedhatCVE
added 2026/01/09 9:24 a.m. | 3 views

CVE-2023-40012

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

CVSS 7.5 | AI score 7 | EPSS 0.002
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/31 3:23 p.m. | 3 views

CVE-2025-66866

A flaw was found in BinUtils. An attacker can exploit a vulnerability in the d_abi_tags function within the cp-demangle.c file by providing a specially crafted Portable Executable (PE) file. This can lead to a Denial of Service (DoS), making the affected application unavailable to legitimate users...

CVSS 5.5 | AI score 6.3 | EPSS 0.00279
Exploits: 2 | References: 4
RedhatCVE
added 2025/12/31 1:18 p.m. | 4 views

CVE-2025-66863

A flaw was found in BinUtils. Attackers can exploit this vulnerability by providing a specially crafted Portable Executable (PE) file. This can lead to a denial of service, making the affected application unavailable. Mitigation: To reduce the risk of exploitation, users should avoid processing...

CVSS 7.5 | AI score 6.4 | EPSS 0.00323
Exploits: 1 | References: 4
SUSE CVE
added 2025/12/31 12:23 a.m. | 3 views

SUSE CVE-2025-66861

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file...

CVSS 2.5 | AI score 6.8 | EPSS 0.00123
Exploits: 1 | References: 3
SUSE CVE
added 2025/12/31 12:23 a.m. | 1 views

SUSE CVE-2025-66864

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

CVSS 7.5 | AI score 6.8 | EPSS 0.00204
Exploits: 1 | References: 3
SUSE CVE
added 2025/12/31 12:23 a.m. | 1 views

SUSE CVE-2025-66865

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

CVSS 7.5 | AI score 6.8 | EPSS 0.00323
Exploits: 1 | References: 3
RedhatCVE
added 2025/12/29 7:21 p.m. | 2 views

CVE-2025-66864

A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a NULL pointer dereference in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service. Mitigation: Mitigation for this issue is either not available or...

CVSS 5.5 | AI score 6 | EPSS 0.00204
Exploits: 1 | References: 4
RedhatCVE
added 2025/12/29 7:15 p.m. | 4 views

CVE-2025-66865

A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a stack overflow in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service. Mitigation: Mitigation for this issue is either not available or the...

CVSS 7.5 | AI score 6.3 | EPSS 0.00323
Exploits: 1 | References: 4
EUVD
added 2025/12/29 6:30 p.m. | 2 views

EUVD-2025-205615

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

AI score 6.2 | EPSS 0.00279
Exploits: 2 | References: 2
EUVD
added 2025/12/29 6:30 p.m. | 3 views

EUVD-2025-205616

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

AI score 6.5 | EPSS 0.00318
Exploits: 1 | References: 2
EUVD
added 2025/12/29 6:30 p.m. | 3 views

EUVD-2025-205617

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file...

AI score 6.2 | EPSS 0.00123
Exploits: 1 | References: 2
EUVD
added 2025/12/29 6:30 p.m. | 3 views

EUVD-2025-205618

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

AI score 6.2 | EPSS 0.00323
Exploits: 1 | References: 2