276 matches found
CVE-2023-1972
CVE-2023-1972 is a memory corruption issue in GNU Binutils. The initial description confirms a potential heap-based buffer overflow in _bfd_elf_slurp_version_tables() within bfd/elf.c, which may lead to loss of availability. Connected documents specify affected package family as binutils and note...
CVE-2023-1579
CVE-2023-1579 is a heap-based buffer overflow in GNU binutils’ binutils-gdb/bfd/libbfd.c (function bfd_getl64 ). The connected documents confirm this is triggered when processing input, enabling a potential local attacker to cause a crash or execute arbitrary code, as reflected by the CVSS vector...
CVE-2022-38533
CVE-2022-38533 affects GNU binutils prior to 2.40. A heap-buffer-overflow in the error function bfd_getl32, triggered when binutils is used by strip-new/strip_main on a crafted file, can lead to a crash and, in some disclosures, potential code execution. The issue is documented across multiple co...
CVE-2019-14250
The CVE-2019-14250 entry affects GNU Binutils (libiberty) and is caused by an missing check for a zero shstrndx in simple-object-elf.c: simple_object_elf_match can overflow memory, causing a heap-based buffer overflow. Affected component: GNU Binutils/libiberty. Root cause: integer overflow from ...
CVE-2019-17450
CVE-2019-17450 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.32, where find_abstract_instance in dwarf2.c can cause infinite recursion and denial of service via a crafted ELF file. Public sources in connected documents indicate a remediation: upgrade Binutils to a patched version (e.g....
CVE-2018-7208
CVE-2018-7208 : In GNU Binutils libbfd (Binary File Descriptor) 2.30, coff_pointerize_aux() in coffgen.c does not validate an index, enabling a crafted COFF file to cause a denial of service (segmentation fault) or potentially other impact. Exploitation is demonstrated via COFF object handling (o...
CVE-2018-8945
CVE-2018-8945 affects the Binary File Descriptor library (libbfd) within GNU Binutils 2.30. The bfd_section_from_shdr function can be triggered by a crafted attribute section in an ELF file, causing a remote denial of service (segmentation fault). Public advisories and CVE lists (CentOS/CESA, Gen...
CVE-2018-7643
CVE-2018-7643 affects GNU Binutils 2.30. The vulnerability is caused by an integer overflow in display_debug_ranges in dwarf.c, enabling a remote attacker to cause a denial of service (crash) via a crafted ELF file (as shown by objdump). Related advisories in connected docs confirm impact in Binu...
CVE-2018-7568
CVE-2018-7568 affects the GNU Binutils libbfd component; specifically, an integer wraparound/overflow in the parse_die path (dwarf1.c) when processing ELF files with corrupted DWARF debug info, potentially allowing a remote attacker to crash the application (denial of service). Several connected ...
CVE-2018-7642
Summary: CVE-2018-7642 affects the GNU Binutils Binary File Descriptor library (libbfd) in the aoutx.h path, with a vulnerability in swap_std_reloc_in that can trigger a NULL pointer dereference when processing crafted ELF files, causing a denial of service. The vulnerability is evidenced in mult...
CVE-2018-1000876
The CVE-2018-1000876 vulnerability affects GNU binutils up to version 2.32 and earlier, with the flaw in the object dump and relocation code (objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) that can trigger an integer overflow leading to a heap overflow. This could all...
CVE-2018-7569
CVE-2018-7569 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30 and earlier. The flaw resides in dwarf2.c where a crafted ELF file containing a corrupted DWARF FORM block can trigger an integer underflow/overflow, leading to a denial of service (application crash). Th...
CVE-2019-9075
CVE-2019-9075 affects GNU Binutils 2.32 (libbfd) with a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (archive64.c). Multiple connected sources (Astra Linux, CNVD, Debian tracker, F5 advisory, Cloud Linux updates) confirm the vulnerability in the BFD library and describe potential...
CVE-2018-19931
CVE-2018-19931 affects the GNU Binutils Binary File Descriptor library (libbfd) as shipped in Binutils
CVE-2019-9074
CVE-2019-9074 affects the GNU Binutils Binary File Descriptor library (libbfd) bundled in Binutils 2.32. It is an out-of-bounds read in bfd_getl32 called from pei-x86_64.c, leading to a SEGV. Several connected advisories confirm impact on local attackers via crafted ELF/PE files and DoS, with pos...
CVE-2020-35448
CVE-2020-35448 affects GNU Binutils’ libbfd in CP4S (Binary File Descriptor) integration. The issue is a heap-based buffer over-read in bfd_getl_signed_32 in libbfd.c caused by lack of validation of sh_entsize in _bfd_elf_slurp_secondary_reloc_section() in elf.c, which can crash the application (...
CVE-2021-20197
CVE-2021-20197 is a local race-condition vulnerability in GNU Binutils (affecting ar, objcopy, strip, ranlib) up to version 2.35. An unprivileged user can exploit a symlink-based race window when these tools run as a privileged user to gain ownership of arbitrary files. The provided documents con...
CVE-2018-6543
CVE-2018-6543 affects GNU Binutils 2.30. The issue is an integer overflow in load_specific_debug_section() in objdump.c, which can cause malloc() with a size of 0 for crafted ELF files. This can lead to a denial of service (application crash) and possibly other unmanaged effects when a victim ope...
CVE-2019-12972
CVE-2019-12972 is a heap-based buffer over-read in the Binary File Descriptor (BFD) library (libbfd) distributed with GNU Binutils 2.32. The vulnerability arises in _bfd_doprnt in bfd.c where elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' ...
CVE-2018-20651
CVE-2018-20651 is a vulnerability in GNU Binutils (libbfd) where a NULL pointer is dereferenced in elf_link_add_object_symbols (elflink.c) when processing a crafted ET_DYN ELF without program headers. This leads to denial of service and is described as remote-exploit in ld. Connected advisories (...
CVE-2019-9077
CVE-2019-9077 : GNU Binutils 2.32 contains a heap-based buffer overflow in readelf.c (process_mips_specific) triggered by a malformed MIPS option section. Public sources describe potential outcomes as arbitrary code execution or denial of service. Affected users should upgrade Binutils to a non-v...
CVE-2019-17451
CVE-2019-17451 is a vulnerability in GNU Binutils 2.32 (libbfd) where an integer overflow in _bfd_dwarf2_find_nearest_line (dwarf2.c) can cause a SEGV. Affected products reference Binutils in various IBM Netezza/NPS advisories and Astra Linux; remediation is to upgrade to a newer Binutils version...
CVE-2021-45078
CVE-2021-45078 affects GNU Binutils (binutils) with a heap-based buffer overflow in the stab handling path (stab_xcoff_builtin_type / finish_stab in stabs.c). The issue is present in Binutils up to version 2.37; exploitation can cause a denial of service and potentially other impact as demonstrat...
CVE-2018-7570
CVE-2018-7570 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.30, where assign_file_positions_for_non_load_sections in elf.c can cause a NULL pointer dereference/DoS when processing an ELF with a RELRO segment lacking a matching LOAD. Exploitation details are not provided in the document...
CVE-2018-10535
CVE-2018-10535 affects GNU Binutils’ libbfd (ignore_section_sym in elf.c) where a symtab entry with a SECTION type and value 0 can lead to a NULL pointer dereference and crash via a crafted file (e.g., objcopy). The issue is reported for Binutils 2.30 with a vulnerable path in ignore_section_sym ...
CVE-2018-19932
CVE-2018-19932 affects GNU Binutils libbfd. The issue is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Public docs describe it as a vulnerability in binutils through 2.31 with potential stability/denial effects; remediation quoted in connected sources is ...
CVE-2019-14444
CVE-2019-14444: GNU Binutils 2.32 contains an integer overflow in readelf/elfcomm.c (byte_put_little_endian) that can trigger a denial of service via crafted ELF files. IBM Netezza products have addressed this by upgrading Binutils; remediation patches include Netezza Analytics 3.3.8 (and related...
CVE-2022-48064
CVE-2022-48064 affects GNU Binutils up to version 2.40, where an excessive memory consumption vulnerability in bfd_dwarf2_find_nearest_line_with_alt (dwarf2.c) can be triggered by a crafted ELF file, enabling a remote attacker to cause a DNS attack. IBM/Red Hat/Amazon advisories indicate this req...
CVE-2018-6759
CVE-2018-6759 affects GNU Binutils libbfd (BFD) in Binutils 2.30. The bfd_get_debug_link_info_1 function in opncls.c uses an unchecked strnlen, enabling remote-crafted ELF files to trigger a denial of service (segmentation fault). Remediation per vendor advisories is to upgrade Binutils to a newe...
CVE-2018-20623
CVE-2018-20623 affects GNU Binutils 2.31.1. A use-after-free in elfcomm.c: error() when called from readelf.c:process_archive via a crafted ELF can cause a crash. This is echoed in the Astra Linux bulletin. No exploitation details or patch/version fixes are provided in the supplied documents; rem...
CVE-2018-6323
CVE-2018-6323 : In GNU Binutils’ libbfd, the elf_object_p function in elfcode.h contains an unsigned integer overflow due to missing use of bfd_size_type in multiplication. A crafted ELF file can remotely crash the application (DoS) or have unspecified other impact. This CVE is referenced in IBM ...
CVE-2020-35507
CVE-2020-35507 (binutils) concerns a NULL pointer dereference in bfd_pef_parse_function_stubs in bfd/pef.c when processing crafted files with objdump, affecting versions prior to 2.34. This is a Binutils issue that can impact availability. The Astra Linux security bulletin mirrors this flaw and c...
CVE-2018-10372
GNU Binutils 2.30 contains a heap-based buffer over-read in process_cu_tu_index (dwarf.c) that can be triggered by processing a crafted binary file (e.g., via readelf), leading to denial of service. The issue affects Binutils 2.30 as distributed in affected builds and has been addressed in later ...
CVE-2018-13033
CVE-2018-13033 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30, enabling an attacker to cause a denial of service (excessive memory allocation and crash) via a crafted ELF file during nm execution. Connected advisories confirm a fix path through updates to binutils ...
CVE-2018-6872
CVE-2018-6872 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30. The vulnerability is in the function elf_parse_notes (elf.c) and allows a remote attacker to cause a denial of service via an out-of-bounds read leading to segmentation fault when processing a note with ...
CVE-2022-4285
CVE-2022-4285 is a memory access flaw in GNU binutils that can cause a denial of service when parsing an ELF file with corrupt symbol version information. It stems from an incomplete fix for CVE-2020-16599. Multiple sources (including AlmaLinux advisories and Broadcom/Brocade disclosures referenc...
CVE-2022-48065
CVE-2022-48065 affects GNU Binutils up to version 2.39.x (before 2.40). The vulnerability is a memory leak in the function find_abstract_instance in the file dwarf2.c . The issue can lead to increased memory consumption and, as reported in sources, potential crashes. The connected documents consi...
CVE-2018-10373
CVE-2018-10373 is a vulnerability in the GNU Binutils Binary File Descriptor library (libbfd), specifically in the function concat_filename() in dwarf2.c. The issue (present in Binutils 2.30) allows remote attackers to trigger a denial of service via a crafted binary file, caused by a NULL pointe...
CVE-2018-10534
CVE-2018-10534 is a vulnerability in GNU Binutils’ Binary File Descriptor library (libbfd). The issue arises in the function sequence involving the _bfd_XX_bfd_copy_private_bfd_data_common routine (peXXigen.c) when processing a negative Data Directory size, which enters an unbounded loop and expa...
CVE-2018-20671
CVE-2018-20671 affects GNU Binutils up to version 2.31.1, where load_specific_debug_section in objdump.c may overflow an integer, triggering a heap-based buffer overflow via a crafted section size. Connected docs confirm the same description in Astra Linux security bulletin and related advisories...
CVE-2022-45703
CVE-2022-45703 is a heap buffer overflow in GNU binutils' readelf tool (readelf.c, display_debug_section) affecting readelf before 2.40. The vulnerability could lead to arbitrary code execution or a crash per the description; the issue is addressed by upgrading to binutils 2.40 or newer. Exploita...
CVE-2023-25588
CVE-2023-25588 affects GNU Binutils: the the_bfd field of the asymbol struct is uninitialized in bfd_mach_o_get_synthetic_symtab, potentially causing a crash and local denial of service. Exploitation details are not provided in the documents reviewed here. Several advisories reference this CVE am...
CVE-2018-17358
CVE-2018-17358 : A vulnerability in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.31 allows an invalid memory access in _bfd_stab_section_find_nearest_line (syms.c). This can be triggered by processing a crafted ELF file and may cause an application crash (DoS...
CVE-2018-18605
CVE-2018-18605 affects GNU Binutils libbfd (BFD) where a heap-based buffer over-read occurs in sec_merge_hash_lookup during section merges when entsize does not divide the size. This can allow remote DoS via specially crafted ELF (as demonstrated by ld). Affected products reference Binutils 2.31;...
CVE-2018-17359
CVE-2018-17359 affects the GNU Binutils Binary File Descriptor (BFD) library (libbfd). The issue is an invalid memory access in bfd_zalloc within opncls.c that can be triggered by a crafted ELF file, leading to a denial of service (application crash). Affected component: GNU Binutils (libbfd) as ...
CVE-2018-17360
The CVE-2018-17360 issue is a vulnerability in the GNU Binutils Binary File Descriptor (BFD) library (libbfd). Concrete details in connected documents show a heap-based buffer over-read in bfd_getl32() within libbfd.c, exploitable via a crafted PE file and triggerable by objdump. The Astra Linux ...
CVE-2018-18309
CVE-2018-18309 affects the GNU Binutils Binary File Descriptor library (libbfd) as distributed with Binutils 2.31. The issue is an invalid memory address dereference in read_reloc (reloc.c) that can cause a segmentation fault and application crash, leading to denial of service due to missing boun...
CVE-2021-20284
CVE-2021-20284 affects GNU Binutils (version 2.35.1) with a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section (elf.c) caused by incorrect calculation of the number of symbols. The vulnerability is described as having a highest impact on availability. The provided materials iden...
CVE-2022-44840
CVE-2022-44840: A heap/denial-of-service vulnerability in GNU Binutils readelf.c (find_section_in_set) affects readelf up to version before 2.40. A locally authenticated attacker could craft input to trigger a heap-based buffer overflow, potentially causing a crash or denial of service. Public de...
CVE-2025-1153
GNU Binutils 2.43/2.44 contains a memory-corruption vulnerability in bfd_set_format within format.c. The issue can be triggered remotely; attack complexity is high and no privileges are required. A fix is available in Binutils 2.45, with patch identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. ...