Lucene search

K

GNU Binutils Security Vulnerabilities

cve
cve

CVE-2018-17360

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the...

5.5CVSS

5.8AI Score

0.001EPSS

2018-09-23 06:29 PM
130
cve
cve

CVE-2018-17359

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF...

5.5CVSS

5.7AI Score

0.001EPSS

2018-09-23 06:29 PM
125
cve
cve

CVE-2018-17358

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via.....

5.5CVSS

5.7AI Score

0.002EPSS

2018-09-23 06:29 PM
129
cve
cve

CVE-2018-13033

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in....

5.5CVSS

5.8AI Score

0.01EPSS

2018-07-01 04:29 PM
128
cve
cve

CVE-2018-12934

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of...

7.5CVSS

6.1AI Score

0.006EPSS

2018-06-28 02:29 PM
57
cve
cve

CVE-2018-12697

A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of...

7.5CVSS

7.4AI Score

0.005EPSS

2018-06-23 11:29 PM
96
cve
cve

CVE-2018-12699

finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of...

9.8CVSS

8.4AI Score

0.014EPSS

2018-06-23 11:29 PM
92
2
cve
cve

CVE-2018-12698

demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of...

7.5CVSS

7.3AI Score

0.005EPSS

2018-06-23 11:29 PM
63
cve
cve

CVE-2018-12641

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type,...

5.5CVSS

6.1AI Score

0.003EPSS

2018-06-22 12:29 PM
85
cve
cve

CVE-2018-10534

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so...

5.5CVSS

6.1AI Score

0.001EPSS

2018-04-29 03:29 PM
131
cve
cve

CVE-2018-10535

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a...

5.5CVSS

5.8AI Score

0.004EPSS

2018-04-29 03:29 PM
142
cve
cve

CVE-2018-10372

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by...

5.5CVSS

5.9AI Score

0.005EPSS

2018-04-25 09:29 AM
135
cve
cve

CVE-2018-10373

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by...

6.5CVSS

6.3AI Score

0.009EPSS

2018-04-25 09:29 AM
133
cve
cve

CVE-2018-9996

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and...

5.5CVSS

5.6AI Score

0.0005EPSS

2018-04-10 10:29 PM
48
cve
cve

CVE-2018-9138

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and...

5.5CVSS

6.1AI Score

0.001EPSS

2018-03-30 08:29 AM
51
cve
cve

CVE-2018-8945

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute...

5.5CVSS

5.9AI Score

0.009EPSS

2018-03-22 09:29 PM
216
cve
cve

CVE-2018-7643

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by...

7.8CVSS

7.9AI Score

0.008EPSS

2018-03-02 03:29 PM
209
cve
cve

CVE-2018-7568

The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by.....

5.5CVSS

6.1AI Score

0.004EPSS

2018-02-28 09:29 PM
207
cve
cve

CVE-2018-7569

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by...

5.5CVSS

6AI Score

0.008EPSS

2018-02-28 09:29 PM
201
cve
cve

CVE-2018-7208

In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a....

7.8CVSS

6.7AI Score

0.009EPSS

2018-02-18 04:29 AM
221
cve
cve

CVE-2018-6759

The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted...

5.5CVSS

5.7AI Score

0.005EPSS

2018-02-06 09:29 PM
153
cve
cve

CVE-2018-6543

In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in malloc() with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other...

7.8CVSS

6.8AI Score

0.006EPSS

2018-02-02 09:29 AM
166
cve
cve

CVE-2018-6323

The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service...

7.8CVSS

6.8AI Score

0.01EPSS

2018-01-26 08:29 AM
140
cve
cve

CVE-2017-17080

elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related....

5.5CVSS

5.9AI Score

0.001EPSS

2017-11-30 09:29 PM
42
cve
cve

CVE-2017-14930

Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF...

5.5CVSS

5.7AI Score

0.001EPSS

2017-09-30 01:29 AM
60
cve
cve

CVE-2017-14333

The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during...

7.8CVSS

6.8AI Score

0.001EPSS

2017-09-12 08:29 AM
61
cve
cve

CVE-2017-12967

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex...

6.5CVSS

5.9AI Score

0.005EPSS

2017-08-19 04:29 PM
52
cve
cve

CVE-2017-12799

The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary...

7.8CVSS

6.8AI Score

0.003EPSS

2017-08-10 06:29 PM
58
cve
cve

CVE-2017-12456

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary...

7.8CVSS

5.9AI Score

0.002EPSS

2017-08-04 03:29 PM
55
cve
cve

CVE-2017-9955

The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger...

5.5CVSS

5.9AI Score

0.001EPSS

2017-06-26 11:29 PM
39
cve
cve

CVE-2017-9954

The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling...

5.5CVSS

5.8AI Score

0.004EPSS

2017-06-26 11:29 PM
49
cve
cve

CVE-2017-9750

opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this...

7.8CVSS

6.9AI Score

0.027EPSS

2017-06-19 04:29 AM
60
cve
cve

CVE-2017-9749

The regs macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D"...

7.8CVSS

7.9AI Score

0.027EPSS

2017-06-19 04:29 AM
66
cve
cve

CVE-2017-9745

The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted...

7.8CVSS

6.8AI Score

0.01EPSS

2017-06-19 04:29 AM
42
cve
cve

CVE-2017-9756

The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during...

7.8CVSS

6.9AI Score

0.027EPSS

2017-06-19 04:29 AM
61
cve
cve

CVE-2017-9748

The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary...

7.8CVSS

7.3AI Score

0.032EPSS

2017-06-19 04:29 AM
55
cve
cve

CVE-2017-9755

opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of.....

7.8CVSS

6.8AI Score

0.011EPSS

2017-06-19 04:29 AM
59
cve
cve

CVE-2017-9746

The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file...

7.8CVSS

7AI Score

0.027EPSS

2017-06-19 04:29 AM
62
cve
cve

CVE-2017-9754

The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have...

7.8CVSS

8AI Score

0.01EPSS

2017-06-19 04:29 AM
52
cve
cve

CVE-2017-9751

opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during...

7.8CVSS

6.8AI Score

0.011EPSS

2017-06-19 04:29 AM
43
cve
cve

CVE-2017-9752

bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by...

7.8CVSS

7.9AI Score

0.01EPSS

2017-06-19 04:29 AM
47
cve
cve

CVE-2017-9747

The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary.....

7.8CVSS

7.3AI Score

0.032EPSS

2017-06-19 04:29 AM
59
cve
cve

CVE-2017-9743

The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during...

7.8CVSS

8AI Score

0.011EPSS

2017-06-19 04:29 AM
39
cve
cve

CVE-2017-9742

The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D".....

7.8CVSS

7.9AI Score

0.027EPSS

2017-06-19 04:29 AM
56
cve
cve

CVE-2017-9744

The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a...

7.8CVSS

7.9AI Score

0.01EPSS

2017-06-19 04:29 AM
47
cve
cve

CVE-2017-9753

The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or...

7.8CVSS

7.9AI Score

0.01EPSS

2017-06-19 04:29 AM
48
cve
cve

CVE-2017-9044

The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF...

5.5CVSS

5.7AI Score

0.001EPSS

2017-05-18 01:29 AM
44
cve
cve

CVE-2017-8421

The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in...

5.5CVSS

6.6AI Score

0.001EPSS

2017-05-02 05:59 PM
58
cve
cve

CVE-2017-8394

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd...

7.5CVSS

6.8AI Score

0.001EPSS

2017-05-01 06:59 PM
48
cve
cve

CVE-2017-8392

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an.....

7.5CVSS

6.9AI Score

0.001EPSS

2017-05-01 06:59 PM
49
Total number of security vulnerabilities225