CVE-2018-18484

CVE-2018-18484 is a GNU Binutils stack exhaustion/denial-of-service in cp-demangle.c (C++ demangling) due to recursive stack usage. Public advisories (IBM Netezza Platform Software, IBM Netezza Analytics, Astra Linux bulletin) confirm the same root cause and list affected products and versions. I...

CVE-2018-18607

CVE-2018-18607 is a NULL pointer dereference in elf_link_input_bfd (elfin GNU Binutils libbfd) when locating STT_TLS symbols without a TLS section. A crafted ELF can cause denial of service (DoS); impact is consistent with DoS in affected Binutils 2.31, including remote triggering via ld in demon...

CVE-2022-48063

The connected sources confirm CVE-2022-48063 affects GNU Binutils prior to 2.40. The vulnerability is an excessive memory consumption issue in the load_separate_debug_files function (dwarf2.c). An attacker could create a crafted ELF file to trigger a DNS-based denial of service. Impact is limited...

CVE-2023-25585

Binutils contains CVE-2023-25585: the file_table field of struct module *module is uninitialized, which may cause an application crash and local denial of service. This is corroborated by multiple connected advisories (Astra Linux, Alpine Linux, Debian Security Tracker, FreeBSD VuxML, and CVE rec...

CVE-2018-17985

CVE-2018-17985 is a stack consumption vulnerability in GNU Binutils (libiberty), observed in cp-demangle.c with cplus_demangle_type performing recursive calls when many 'P' characters occur. The Astra Linux advisory mirrors this description, noting the issue in Binutils 2.31. The provided documen...

CVE-2022-47673

CVE-2022-47673 concerns Binutils addr2line prior to 2.39.3, where parse_module contains multiple out-of-bounds reads that may cause a denial of service or other unspecified impacts. This vulnerability is consistently described across multiple connected sources as a Binutils addr2line issue with o...

CVE-2020-16592

CVE-2020-16592 concerns a use-after-free in the Binary File Descriptor (libbfd) within GNU Binutils 2.34. The vulnerability is triggered in the function bfd_hash_lookup (as used by nm-new), leading to a denial of service via a crafted file. The connected documents identify the affected component ...

CVE-2018-18483

CVE-2018-18483 affects GNU Binutils (libiberty) get_count in cplus-dem.c, distributed with Binutils 2.31. The flaw allows a remote attacker to trigger a denial of service via a crafted string, due to an integer-overflow result used in a malloc call (as demonstrated by c++filt). Connected sources ...

CVE-2020-16599

CVE-2020-16599 concerns a NULL pointer dereference in the GNU Binutils library (libbfd) distributed with Binutils 2.35, specifically in _bfd_elf_get_symbol_version_string used by nm-new, which can cause a denial of service via a crafted ELF file. The connected Nessus entries note an “illegal memo...

CVE-2018-12699

CVE-2018-12699 (finish_stab in stabs.c, GNU Binutils) allows heap-based buffer overflow during objdump execution, leading to denial of service and possibly other impact. Connected records extend the issue to stab_xcoff_builtin_type in stabs.c (Binutils through 2.37), noted as related and arising ...

CVE-2019-1010204

CVE-2019-1010204 affects GNU binutils, specifically the gold linker. The vulnerability arises from a combination of improper input validation , signed/unsigned comparison , and an out-of-bounds read in the code paths for gold/fileread.cc:497 and elfcpp/elfcpp_file.h:644. The documented impact is ...

CVE-2014-8501

CVE-2014-8501 affects GNU binutils (2.24 and earlier) and was tied to handling of AOUT headers in PE executables, allowing remote denial of service (out-of-bounds write). Multiple distributions list binutils fixes (e.g., Debian, Fedora, CentOS) and note updates mitigating these issues by upgradin...

CVE-2018-18606

CVE-2018-18606 affects GNU Binutils (libbfd). The issue is a NULL pointer dereference in _bfd_add_merge_section during merging of sections with large alignments, enabling DoS via crafted ELF. Multiple vendors document this under Binutils remediation; confirmed fixes involve upgrading Binutils to ...

CVE-2021-32256

CVE-2021-32256 is a stack-overflow in demangle_type within GNU libiberty (as distributed in GNU Binutils 2.36). It affects Binutils/libiberty components (e.g., gcc/gdb contexts linked to Binutils) and can lead to denial of service via stack overflow. Connected records confirm a patched version is...

CVE-2017-16827

Technical details about CVE-2017-16827 are not included in the provided connected documents. Public details (affected product, impact, remediation) are not elaborated here beyond the initial description. Monitor for updates from official sources for specifics.

CVE-2020-19726

CVE-2020-19726 concerns GNU Binutils, specifically the libbfd.c 2.36 component. The issue allows an attacker to read or write system memory and can cause a denial of service, per the provided description. Connected advisories (Cloud Foundry USN, Debian tracker, Astra Linux, etc.) corroborate a me...

CVE-2022-35205

CVE-2022-35205 concerns GNU Binutils, specifically the readelf tool in version 2.38.50. The issue is a reachable assertion failure in display_debug_names, which can be exploited to cause a denial of service. Multiple connected documents confirm this CVE and describe the affected component as part...

CVE-2022-47695

GNU Binutils objdump before 2.39.3 is affected by CVE-2022-47695. The issue arises in bfd_mach_o_get_synthetic_symtab within match-o.c, enabling denial of service or other unspecified impacts. Affected product scope across multiple advisories references the binutils toolset (objdump) and confirms...

CVE-2022-47696

CVE-2022-47696 is a vulnerability in GNU Binutils’ objdump prior to 2.39.3 where the function compare_symbols can be exploited to cause a denial of service and other unspecified impacts. The connected sources consistently describe this as a DoS in objdump and indicate the issue affects Binutils v...

CVE-2021-20294

CVE-2021-20294 affects GNU Binutils readelf 2.35. Reading a crafted file can trigger a stack-based buffer overflow and an out-of-bounds write, with potential impact to confidentiality, integrity and availability. Exploitation details are present in a GitHub PoC (out-of-bounds write/stack overflow...

CVE-2017-16828

CVE-2017-16828 affects GNU Binutils 2.29.1. The display_debug_frames function in dwarf.c can cause a denial of service via an integer overflow and heap-based buffer over-read when processing a crafted ELF file, related to print_debug_frame. Scope: vulnerable component is the Binutils package; imp...

CVE-2018-12697

CVE-2018-12697 is a NULL pointer dereference in GNU libiberty (work_stuff_copy_to_from in cplus-dem.c) as distributed with GNU Binutils 2.30, potentially triggered during objdump. The Connected documents confirm the vulnerability in Binutils’ libiberty, but do not provide a concrete fixed version...

CVE-2018-20673

CVE-2018-20673 affects the GNU libiberty component (demangle_template() in cplus-dem.c) shipped with GNU Binutils 2.31.1, causing an integer overflow that can lead to a heap-based buffer overflow when creating an array for template argument values (as demonstrated by nm). Connected advisories ref...

CVE-2020-35496

CVE-2020-35496 describes a vulnerability in binutils’ bfd_pef_scan_start_address() that could trigger a NULL pointer dereference when processing a crafted file with the BFD/PEF code, impacting affected binutils versions prior to 2.34. The issue arises from a flaw in how the function handles dwarf...

CVE-2017-16826

CVE-2017-16826 affects GNU Binutils 2.29.1 (libbfd) via coff_slurp_line_table in coffcode.h. A crafted PE file can trigger an invalid memory access that may crash the application (DoS) and potentially other impact. The vulnerability is tied to the coff_slurp_line_table routine and the PE handling...

CVE-2020-35493

CVE-2020-35493 is a Binutils vulnerability in bfd/pef.c that can cause a heap-based buffer overflow and an out-of-bounds read, potentially impacting availability. It affects binutils versions prior to 2.34. Remediation: upgrade Binutils to version 2.34 or newer (or apply vendor-specific patches i...

CVE-2017-16829

Public details about CVE-2017-16829 are not present in the connected documents; the provided set does not include affected product versions, impact specifics, or remediation. Monitor for updates.

CVE-2017-13716

The CVE-2017-13716 vulnerability affects the C++ demangler in cplus-dem.c (libiberty) as distributed in GNU Binutils 2.29. It allows remote attackers to trigger a denial of service through a crafted file, demonstrated via a call from the Binary File Descriptor (BFD) library. No remediation or pat...

CVE-2018-20002

CVE-2018-20002 affects GNU Binutils’ BFD library (libbfd); the _bfd_generic_read_minisymbols function leaks memory when processing crafted ELF files, causing DoS via memory consumption. Documented in multiple sources (Binutils 2.31, nm demonstration). Impact is a denial of service with potential ...

CVE-2017-16832

CVE-2017-16832 affects the Binary File Descriptor library (libbfd) in GNU Binutils 2.29.1, specifically the pe_bfd_read_buildid function in peicode.h. The vulnerability arises because the data dictionary’s size and offset are not validated, which can be exploited by a crafted PE file to cause a d...

CVE-2017-17122

CVE-2017-17122 affects GNU Binutils 2.29.1 (dump_relocs_in_section in objdump.c). The vulnerability arises from not checking reloc count, enabling an integer overflow that can lead to excessive memory allocation or a heap-based buffer overflow when processing crafted PE files, potentially causing...

CVE-2023-25584

CVE-2023-25584: An out-of-bounds read flaw exists in Binutils’ parse_module function (bfd/vms-alpha.c). Connected sources (Astra Linux bulletin and related entries) reiterate the same description, confirming a vulnerability in Binutils. Documented impact includes potential crashes and possible in...

CVE-2014-9939

CVE-2014-9939 affects GNU Binutils where the ihex.c module contains a stack buffer overflow when printing bad bytes in Intel Hex objects. The advisory cites Binutils versions before 2.26 as vulnerable, with the flaw rooted in ihex.c and resulting in a stack-based overflow that can lead to a crash...

CVE-2019-9070

GNU Binutils (libiberty) vulnerability CVE-2019-9070: heap-based buffer over-read in d_expression_1 of cp-demangle.c after deep recursion, affecting Binutils prior to a patched release. Impact per sources includes potential code execution, information leakage, or DoS when processing crafted ELF i...

CVE-2019-9071

CVE-2019-9071 affects GNU Binutils’ libiberty component (cp-demangle.c, function d_count_templates_scopes) with a stack consumption/stack overflow vulnerability after deep recursion. Likely enables buffer overflow and remote code execution in affected contexts as described in multiple advisories....

CVE-2025-3198

CVE-2025-3198 affects GNU Binutils 2.43/2.44, specifically the display_info function in binutils/bucomm.c used by objdump. The issue is a memory leak caused by the manipulation within display_info. Exploitation is described as local, with the exploit disclosure publicly available. A patch is iden...

CVE-2017-16830

CVE-2017-16830 affects GNU Binutils 2.29.1’s readelf component (readelf.c). The issue is that print_gnu_property_note does not have integer-overflow protection on 32-bit platforms, enabling a crafted ELF file to cause a denial of service (segmentation fault and crash) or possibly other impact. Th...

CVE-2018-12641

CVE-2018-12641 affects GNU Binutils 2.30, causing stack exhaustion in the libiberty C++ demangling code (arm_pt in cplus-dem.c) during nm-new due to recursive stack frames (demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, demangle_nested_args). Th...

CVE-2017-16831

CVE-2017-16831 affects coffgen.c in the Binary File Descriptor (BFD) library as distributed in GNU Binutils 2.29.1. The symbol count is not validated, enabling a crafted PE file to cause a denial of service via integer overflow and application crash, or excessive memory allocation. This entry des...

CVE-2017-17124

The CVE-2017-17124 entry concerns GNU Binutils' Binary File Descriptor (libbfd) in Binutils 2.29.1. The _bfd_coff_read_string_table function in coffgen.c does not properly validate the size of the external string table, enabling a crafted COFF binary to cause denial of service through excessive m...

CVE-2021-3549

CVE-2021-3549 concerns GNU Binutils’ objdump with an out-of-bounds flaw in processing large sections via avr_elf32_load_records_from_section(), potentially causing a crash or memory corruption. Affected product: GNU binutils (objdump) version 2.36. Impact includes possible integrity and availabil...

CVE-2017-7614

CVE-2017-7614 affects GNU Binutils’ Binary File Descriptor library (libbfd). The issue is a NULL pointer dereference in elflink.c (described as a “member access within null pointer” UB) that could allow a remote attacker to crash the target program (denial of service). The description in connecte...

CVE-2022-35206

CVE-2022-35206 is a null pointer dereference in GNU Binutils readelf 2.38.50, triggered via read_and_display_attr_value in dwarf.c. Impact in the connected docs indicates a potential denial of service; exploitation appears to be local. Public remediation details in the connected materials point t...

CVE-2025-0840

CVE-2025-0840 affects GNU Binutils up to 2.43, targeting the function disassemble_bytes in binutils/objdump.c. The vulnerability arises from manipulating the argument buf, causing a stack-based buffer overflow. A remote attacker can exploit this, with attack complexity labeled as high and exploit...

CVE-2019-9073

CVE-2019-9073 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables (elf.c). This can impact availability (PARTIAL per CVSSv3), with local attack vector and no confidentiality/in...

CVE-2020-16590

Technical details about CVE-2020-16590 are not publicly provided in the connected documents. The initial description notes a double-free in GNU Binutils 2.35 BFD/process_symbol_table, but no further specifics (affected products/versions) are given here. Monitor for updates.

CVE-2017-15939

Technical details about CVE-2017-15939 are not provided in the connected documents. The initial note mentions a libbfd issue in Binutils but no specific products, versions, impact, or fixes are disclosed here. Monitor for updates.

CVE-2017-17121

CVE-2017-17121 affects the Binary File Descriptor (BFD) library in GNU Binutils 2.29.1. A COFF relocation that refers to a location beyond the end of the to-be-relocated section can trigger a memory access violation leading to a denial of service (memory corruption). Public details are drawn from...

CVE-2014-8737

CVE-2014-8737 is a directory traversal vulnerability in GNU Binutils up to version 2.24, enabling a local attacker to delete arbitrary files or create arbitrary files by crafting archive paths (dot-dot or full paths) in strip, objcopy, or ar. Affected component set includes binutils and its archi...

CVE-2017-17125

CVE-2017-17125 relates to GNU Binutils 2.29.1, where nm.c and objdump.c mishandle certain global symbols, causing a buffer over-read in _bfd_elf_get_symbol_version_string. This can lead to a denial of service (application crash) and may have unspecified other impact via a crafted ELF file. The de...