33 matches found
CVE-2024-25260
The CVE-2024-25260 affecting elfutils concerns a NULL pointer dereference in readelf.c (handle_verdef function) when using elfutils v0.189. The issue is tied to versions before 0.189-6 per connected data; impact is limited to availability (crash/denial of service) with no confidentiality or integ...
CVE-2019-7665
CVE-2019-7665 affects elfutils 0.175, where a heap-based buffer over-read in elf32_xlatetom.c (libelf) can trigger a crash/DoS when processing crafted ELF input, due to malformed core file notes not being rejected. Upstream remediation is in elfutils 0.176; several advisories (Arch Linux ASA-2019...
CVE-2019-7150
The CVE-2019-7150 issue affects elfutils (0.175) where elf64_xlatetom in libelf/elf32_xlatetom.c can segfault because dwfl_segment_report_module does not check if core file dyn data is truncated. This leads to a crash/denial-of-service when processing crafted ELF inputs (as demonstrated by eu-sta...
CVE-2018-16062
CVE-2018-16062 affects elfutils (libdw/dwarf_getaranges.c) where the function dwarf_getaranges() can read beyond ELF section limits, allowing a crafted file to cause a denial of service via a heap-based buffer over-read. Public advisories and vendor notes link this to elfutils releases prior to 2...
CVE-2018-18520
CVE-2018-18520 – elfutils (libelf): In elfutils up to v0.174, the function elf_end mishandles recursive ar files (eu-size/handle_ar in size.c) by closing the outer ar file before finishing inner entries, enabling an invalid memory access that can crash the application (denial of service). This is...
CVE-2019-7664
CVE-2019-7664 affects elfutils 0.175: a negative-sized memcpy in libelf/note_xlate.h (elf_cvt_note) due to an incorrect overflow check can cause a segmentation fault and denial of service when processing crafted ELF input. Upstream fix is in elfutils 0.176; several advisories (Arch Linux ASA-2019...
CVE-2018-16402
CVE-2018-16402 affects elfutils (libelf/elf_end.c) where double decompression of sections can lead to a denial of service or application crash. Affected upstream version is 0.173. Public advisories confirm a remediation path: upgrade elfutils to newer releases (e.g., 0.176) across affected platfo...
CVE-2018-18310
CVE-2018-18310 is an invalid memory address dereference in libdwfl/dwfl_segment_report_module.c of elfutils (through v0.174) that can cause a denial of service (application crash) when processing a crafted ELF file. Connected advisories confirm the issue and indicate that upstream fixes exist in ...
CVE-2018-18521
The CVE-2018-18521 issue is a confirmed vulnerability in elfutils: a Divide-by-Zero in arlib_add_symbols() (arlib.c) when processing crafted ELF files, caused by a mishandled zero sh_entsize. This can lead to denial of service (application crash). Affected upstream releases prior to fix include e...
CVE-2018-16403
CVE-2018-16403 affects elfutils 0.173. The vulnerability is a heap-based buffer over-read in libdw, specifically in dwarf_getabbrev.c and dwarf_hasattr.c, which can lead to an application crash when processing crafted files. The issue is confirmed by multiple advisories (e.g., RHSA-2019:2197; ALA...
CVE-2017-7608
Technical details about CVE-2017-7608 are not publicly provided in the supplied Connected documents. The initial description notes a heap-based read in ebl_object_note_type_name but no further details or remediation in these sources.
CVE-2017-7610
CVE-2017-7610 refers to a vulnerability in elfutils 0.168 where the check_group function in elflint.c can be triggered by a crafted ELF file to cause a heap-based buffer over-read and application crash. The initial description states the vulnerability and impact; no connected documents provide ad...
CVE-2019-7149
CVE-2019-7149 affects elfutils 0.175 (libdw) where read_srclines.c contains a heap-based buffer over-read that can trigger segmentation faults and denial of service when processing crafted input. The issue is documented across multiple advisories (e.g., ALAS2-2019-1337, ASA-201903-9, CentOS/RHEL ...
CVE-2017-7611
CVE-2017-7611 affects Elfutils 0.168, where the check_symtab_shndx function in elflint.c is vulnerable to a heap-based buffer over-read via a crafted ELF file, leading to denial of service (application crash). The Connected documents also describe related ELF utils DoS variants (e.g., 2017-7612/7...
CVE-2017-7612
CVE-2017-7612 affects Elfutils (elflint.c) with a heap-based buffer over-read in check_sysv_hash, enabling a crafted ELF file to cause a denial of service (application crash). The connected IBM CVE list confirms the same root cause and impact framing for Elfutils; no additional product/version de...
CVE-2017-7613
CVE-2017-7613 affects Elfutils 0.168. The vulnerability arises from memory allocation failure in elflint.c when opening a crafted ELF file, leading to denial of service via memory exhaustion. Affected product: Elfutils (version 0.168). Root cause: insufficient validation of number of sections/seg...
CVE-2017-7607
CVE-2017-7607 affects the Elfutils project (readelf.c, handle_gnu_hash) with a vulnerability in elfutils 0.168 where a crafted ELF file can trigger a heap-based buffer over-read, causing an application crash. The Initial Description explicitly notes the crash vector via a crafted ELF file. Connec...
CVE-2017-7609
Technical details about CVE-2017-7609 are not publicly provided in the connected documents. Please monitor for updates from the source or vendor advisories to obtain affected products, impact, and remediation information.
CVE-2020-21047
CVE-2020-21047 affects elfutils’ libcpu (used by libasm, elfutils 0.177, git 47780c9e). It enables a denial-of-service via an out-of-bounds write (CWE-787), off-by-one error (CWE-193), and reachable assertion (CWE-617). Exploitation requires crafting ELF files that bypass bound checks. The vulner...
CVE-2019-7146
CVE-2019-7146 affects elfutils 0.175 where a buffer over-read in the ebl_object_note path (libebl) can be triggered by a crafted ELF file, enabling a denial-of-service as demonstrated by eu-readelf. The issue is rooted in reading ELF core/notes data without proper bounds checks. Public advisories...
CVE-2019-7148
CVE-2019-7148 is a vulnerability in elfutils 0.174 where an attempted excessive memory allocation in read_long_names could lead to a denial of service via crafted ELF input. The issue is discussed across multiple NT/vendor advisories, which note ASAN-related warnings and indicate later elfutils r...
CVE-2014-9447
ELF utilities (elfutils) vulnerable in versions 0.152 and 0.161 due to a directory traversal in libelf/elf_begin.cread_long_names that lets remote attackers write to arbitrary files in the root directory via a crafted archive (ar). Impact is ability to modify files on the root; remediation is upd...
CVE-2016-10255
Elfutils: CVE-2016-10255 affects the __libelf_set_rawdata_wrlock path in elf_getdata.c, where crafted sh_off/sh_size ELF header values can trigger a memory allocation failure and crash. This corresponds to memory allocation issues that enable a Denial of Service via a crafted ELF file. Affected p...
CVE-2025-1376
CVE-2025-1376 affects GNU elfutils 0.192, specifically the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip . The manipulation leads to a denial of service and requires a local attack. The exploitation difficulty is described as high, and the exploit has been disc...
CVE-2016-10254
CVE-2016-10254 affects Elfutils. The vulnerability is due to memory allocation failure in allocate_elf (common.h), where crafting an ELF file can crash the program and cause a denial of service. The documents do not provide a remediation/patch details; only indicate Elfutils before 0.168 as affec...
CVE-2021-33294
The CVE-2021-33294 issue affects elfutils 0.183, with an infinite loop in handle_symtab (readelf.c) that allows a crafted file to trigger a denial of service. The Broadcom/IBM listings corroborate the infinite-loop DoS description. No public details on a fixed version are provided in the connecte...
CVE-2025-1372
GNU elfutils 0.192 is affected, specifically the eu-readelf component (dump_data_section/print_string_section in readelf.c). The issue arises from manipulating the z/x argument, causing a buffer overflow. Exploitation is described as local, with public disclosure of the exploit. A patch is identi...
CVE-2025-1377
CVE-2025-1377 affects GNU elfutils 0.192, specifically the function gelf_getsymshndx in eu-strip/strip.c. The vulnerability allows a local attacker to cause a denial of service. Several connected advisories confirm the same issue and cite the patch identifier fbf1df9ca286de3323ae541973b08449f8d03...
CVE-2025-1365
GNU elfutils 0.192 (eu-readelf) is affected; the vulnerability lives in readelf.c, function process_symtab, where manipulating the D/a argument causes a buffer overflow. Local access is required; exploitation has been disclosed. A patch is identified by git: 5e5c0394d82c53e97750fe7b18023e6f84157b...
CVE-2014-0172
Summary: CVE-2014-0172 affects elfutils (libdw) with an integer overflow in check_section() of dwarf_begin_elf.c, causing a heap-based buffer overflow. This could allow a remote attacker to crash the affected application or potentially execute arbitrary code through a malformed compressed debug s...
CVE-2025-1352
CVE-2025-1352 concerns GNU elfutils 0.192. The vulnerability affects the __libdw_thread_tail function in eu-readelf (libdw_alloc.c), where manipulation of the w argument leads to memory corruption. Nessus/NVD entries describe remote exploitation with high complexity and publicly disclosed exploit...
CVE-2025-1371
GNU elfutils 0.192 is affected via readelf.c in the eu-read handle_dynamic_symtab code path, where a null pointer dereference can occur with local attack access. The vulnerability is described as exploitable locally, and public exploits/ PoCs have been disclosed. A patch is available (commit/tag ...
CVE-2018-8769
CVE-2018-8769 affects elfutils version 0.170. The vulnerability is a buffer over-read in the function ebl_dynamic_tag_name (libebl/ebldynamictagname.c) when SYMTAB_SHNDX is unsupported. Multiple sources (NVD, CNVD, OSV, CVE lists) concur on the underlying cause and description. The issue is tied ...