SUSE CVE-2016-9812

The gstmpegtssectionnew function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service out-of-bounds read via a too small section...

SUSE CVE-2017-7209

The dumpsectionasbytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash...

SUSE CVE-2017-13710

The setupgroup function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a group section that is too small...

SUSE CVE-2017-17121

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service memory access violation or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the...

SUSE CVE-2017-17126

The loaddebugsection function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service invalid memory access and application crash or possibly have unspecified other impact via an ELF file that lacks section headers...

SUSE CVE-2017-1000249

An issue in file was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 Oct 2016 lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 Aug 2017...

SUSE CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

SUSE CVE-2018-8945

The bfdsectionfromshdr function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service segmentation fault via a large attribute section...

SUSE CVE-2018-10535

The ignoresectionsym function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, does not validate the outputsection pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial o...

SUSE CVE-2018-20671

loadspecificdebugsection in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...

SUSE CVE-2019-12972

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in bfddoprnt in bfd.c because elfobjectp in elfcode.h mishandles an eshstrndx section of type SHTGROUP by omitting a trailing '\0' character...

SUSE CVE-2019-14249

dwarfelfloadheaders.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service division by zero via an ELF file with a zero-size section group SHTGROUP, as demonstrated by dwarfdump...

SUSE CVE-2019-14295

An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory...

SUSE CVE-2020-22278

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents...

SUSE CVE-2021-33289

In NTFS-3G versions 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...

SUSE CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given...

SUSE CVE-2022-0813

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pmaparameter, and the cookie section...

SUSE CVE-2022-0891

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

SUSE CVE-2022-2953

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8...

SUSE CVE-2022-33025

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decodepreR13section at decoder11.c...