276 matches found
CVE-2014-8737
CVE-2014-8737 is a directory traversal vulnerability in GNU Binutils up to version 2.24, enabling a local attacker to delete arbitrary files or create arbitrary files by crafting archive paths (dot-dot or full paths) in strip, objcopy, or ar. Affected component set includes binutils and its archi...
CVE-2020-16591
CVE-2020-16591 : A Denial of Service in the Binary File Descriptor (BFD) of GNU Binutils 2.35 is caused by an invalid read in process_symbol_table (readeif). The description confirms the affected product and root cause and notes a DoS impact. No public details about exploitation methods, affected...
CVE-2022-47007
CVE-2022-47007 affects GNU binutils, specifically the function stab_demangle_v3_arg in stabs.c, with vulnerable ranges reported as Binutils 2.34 through 2.38. The issue is a memory leak that can be exploited to cause a denial of service. The impact is described as memory-related DoS, with exploit...
CVE-2017-17125
CVE-2017-17125 relates to GNU Binutils 2.29.1, where nm.c and objdump.c mishandle certain global symbols, causing a buffer over-read in _bfd_elf_get_symbol_version_string. This can lead to a denial of service (application crash) and may have unspecified other impact via a crafted ELF file. The de...
CVE-2017-9038
CVE-2017-9038 affects GNU Binutils 2.28 and is a remote DoS via crafted ELF files, causing heap-based buffer over-read and crash. Root cause involves ARM unwind information with invalid word offsets and related code paths (byte_get_little_endian in elfcomm.c; get_unwind_section_word in readelf.c)...
CVE-2020-35494
CVE-2020-35494 targets GNU Binutils: a flaw in /opcodes/tic4x-dis.c can cause a denial of service via processing crafted input, due to use of uninitialized memory. Affected are binutils versions prior to 2.34. Impact is availability (partial confidentiality/none integrity per description). The co...
CVE-2021-46174
CVE-2021-46174 is a heap-based buffer overflow in GNU Binutils objdump (function bfd_getl32). Multiple connected advisories reference the same issue, with descriptions asserting a heap overflow in Binutils objdump 3.37 and related components. The CVE is associated with potential denial-of-service...
CVE-2017-12452
CVE-2017-12452 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29 and earlier. The issue is in bfd_mach_o_i386_canonicalize_one_reloc (mach-o-i386.c) where crafted Mach-O files can trigger an out-of-bounds heap read, potentially enabling remote impact when processing M...
CVE-2020-16593
CVE-2020-16593 is a Null Pointer Dereference in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.35, in scan_unit_for_symbols (addr2line demonstrated), leading to denial of service via a crafted file. Connected sources confirm the issue exists in Binutils compone...
CVE-2017-15996
Technical details (affected product/version, root cause, exploit info, patch) for CVE-2017-15996 are not provided in the supplied documents. The description lists the vulnerability but contains no public vendor/version specifics or remediation here. Monitor for updates.
CVE-2020-35495
CVE-2020-35495 is a null pointer dereference in binutils/bfd/pef.c (bfd_pef_parse_symbols) triggered by specially crafted input processed by objdump. It affects Binutils prior to 2.34 and can impact availability via crash. Remediation is upgrading to a newer Binutils version; IBM/Netezza advisori...
CVE-2017-12451
CVE-2017-12451 affects the GNU Binutils libbfd prior to 2.30. The vulnerability is in the _bfd_xcoff_read_ar_hdr function (files coff-rs6000.c and coff64-rs6000.c) and can cause an out-of-bounds stack read when processing a crafted COFF image. This could enable a remote attacker to read memory vi...
CVE-2018-20657
CVE-2018-20657 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c, distributed with Binutils 2.31.1. The issue is a memory leak triggered by crafted strings, causing a denial of service via memory consumption (as demonstrated by cxxfilt). Connected sources...
CVE-2017-14129
CVE-2017-14129 : The read_section function in dwarf2.c of GNU Binutils’ libbfd (Binutils 2.29) is vulnerable to a heap-based buffer over-read in parse of crafted ELF files, enabling remote denial of service via crashing the application. The description explicitly ties the issue to Binutils 2.29 a...
CVE-2014-8502
CVE-2014-8502 is a binutils/libbfd vulnerability affecting GNU Binutils 2.24 and earlier, where a heap-based buffer overflow in the pe_print_edata function (in binutils’ PE reader) could be triggered by a crafted PE export table, leading to a denial of service and potential further impact. Multip...
CVE-2017-9747
CVE-2017-9747 affects GNU Binutils 2.28 in the ieee_archive_p function (bfd/ieee.c). A crafted binary file can trigger a buffer overflow and application crash during objdump -D, causing a denial of service. The description notes this may be related to a compiler bug. Connected sources list the vu...
CVE-2014-8485
CVE-2014-8485 concerns GNU Binutils’ libbfd (setup_group in bfd/elf.c). Affected: Binutils 2.24 and earlier. Issue: missing range checks in the ELF section group headers allow a remote attacker to crash the process or potentially execute arbitrary code. Impact: denial of service and possible code...
CVE-2017-12799
CVE-2017-12799 affects GNU Binutils (elf_read_notes function in bfd/elf.c, Binutils 2.29). A crafted binary file can trigger a denial of service via a buffer overflow, potentially causing an application crash or other impact. The connected documents corroborate the vulnerability is in the elf_rea...
CVE-2021-37322
CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.
CVE-2017-15938
CVE-2017-15938 affects the Binary File Descriptor (BFD) library (GNU Binutils 2.29). The flaw in dwarf2.c miscalculates DW_FORM_ref_addr die refs for relocatable objects, allowing a remote attacker to trigger a denial of service via an invalid memory read, leading to segmentation fault and applic...
CVE-2018-18700
CVE-2018-18700 affects GNU Binutils 2.31 with a stack consumption vulnerability caused by infinite recursion in cp-demangle.c (functions d_name(), d_encoding(), d_local_name()). The issue enables a remote attacker to trigger a denial-of-service via an ELF file, as demonstrated by nm. Connected As...
CVE-2017-14130
CVE-2017-14130 affects the Binary File Descriptor library (libbfd) as distributed in GNU Binutils 2.29. The vulnerability arises in the _bfd_elf_parse_attributes function within elf-attrs.c, where a crafted ELF file can trigger a heap-based buffer over-read, enabling a remote attacker to cause an...
CVE-2017-14333
CVE-2017-14333 affects GNU Binutils, specifically the readelf.c function process_version_sections. A crafted binary with invalid ent.vn_next can cause a denial of service (integer overflow and a long loop) during readelf -a. Exploitation requires local access and user interaction. The provided do...
CVE-2017-9746
CVE-2017-9746 affects GNU Binutils 2.28: the disassemble_bytes function in objdump.c can be triggered by a crafted binary file executed with objdump -D, leading to a buffer overflow and application crash (DoS). Root cause is mishandling of rae insns printing for this file. It is described as a re...
CVE-2014-8738
CVE-2014-8738 affects GNU Binutils (libbfd/archive.c: _bfd_slurp_extended_name_table). A crafted extended name table in an archive can trigger an invalid write, leading to a denial of service (segmentation fault/crash). Public advisories across vendors cite binutils and libbfd as vulnerable, with...
CVE-2017-14930
CVE-2017-14930 refers to a memory leak in decode_line_info (dwarf2.c) of the Binary File Descriptor (BFD) library used in GNU Binutils 2.29. The vulnerability allows a crafted ELF file to cause denial of service via memory consumption. The initial description provides the kernel flaw but does not...
CVE-2018-12698
CVE-2018-12698 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c (Binutils 2.30). It allows attackers to trigger excessive memory consumption (OOM) during objdump execution due to a memory-management issue in demangle_template. Multiple connected advisori...
CVE-2017-9748
Technical details for CVE-2017-9748 are not provided in the connected documents. No explicit affected product versions, exploitation status, or fixes are shown here; monitor for updates from vendors and security advisories.
CVE-2017-14940
CVE-2017-14940 affects GNU Binutils libbfd: the scan_unit_for_symbols function in dwarf2.c can dereference a NULL pointer when processing a crafted ELF file, enabling a remote attacker to cause a denial of service (application crash). The vulnerability is tied to Binutils 2.29; exploitation detai...
CVE-2017-14939
Technical details about CVE-2017-14939 are not provided in the supplied documents. Monitor for updates from vendors and advisories.
CVE-2017-15020
CVE-2017-15020 affects dwarf1.c in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.29. The root cause is pointer mismanagement in parse_die and parse_line_table, demonstrated by a parse_die heap-based buffer over-read via a crafted ELF file. Impact is a denial o...
CVE-2017-9040
Technical details about CVE-2017-9040 are not provided in the connected documents. No explicit product/version/fix data beyond the initial description is available here. Monitor for updates.
CVE-2018-12934
CVE-2018-12934 affects GNU Binutils 2.30, specifically remember_Ktype in cplus-dem.c used by libiberty. The vulnerability can trigger excessive memory consumption (OOM) during execution of cxxfilt, as described in the connected Nessus/NASL entries. The affected component is GNU Binutils’ cplus-de...
CVE-2017-9750
CVE-2017-9750 affects opcodes/rx-decode.opc in GNU Binutils 2.28. The vulnerability arises from missing bounds checks for certain scale arrays, enabling a crafted binary file to trigger a denial of service (buffer overflow and application crash) during objdump -D, with possible other impact. A co...
CVE-2014-8484
GNU Binutils libbfd contains a vulnerability in srec_scan (bdf/srec.c) that allows a remote attacker to cause a denial of service (out-of-bounds read) by supplying a crafted small S-record. Affected product: GNU Binutils (libbfd). Root cause: memory safety flaw in srec_scan; the issue exists in b...
CVE-2017-14529
CVE-2017-14529 affects the Binary File Descriptor (BFD) library (libbfd) used by GNU Binutils 2.29. The vulnerability is in the pe_print_idata function in peXXigen.c, where HintName vector entries are mishandled, enabling a crafted PE file to trigger a heap-based buffer over-read and cause an app...
CVE-2017-14128
CVE-2017-14128 affects the GNU Binutils libbfd/Dwarf2 decoding: the decode_line_info function in dwarf2.c may be abused via a crafted ELF file to cause a heap-based buffer over-read and application crash (DENIAL OF SERVICE). Affected is Binutils 2.29 (BFD/libbfd). The provided documents do not sp...
CVE-2017-6966
Technical details for CVE-2017-6966 are not publicly available in the provided connected documents. The descriptions summarize a readelf/read-after-free in Binutils 2.28 MSP430 processing. No root-cause, affected versions, or fixes are specified here; monitor for updates.
CVE-2017-9041
Technical details for CVE-2017-9041 are not publicly provided in the connected documents. The materials reference Binutils 2.28 and MIPS GOT handling but do not specify affected versions beyond 2.28, exploit vectors, or fixes. Monitor for updates.
CVE-2017-9955
CVE-2017-9955 affects GNU Binutils 2.28 (libbfd) via the get_build_id function in opncls.c. A crafted file with a large size field relative to data can trigger a heap-based buffer over-read in objdump, leading to a denial of service. The initial description specifies Binutils 2.28 and a heap-base...
CVE-2022-47008
CVE-2022-47008 affects GNU Binutils (2.34–2.38) with a memory-leak issue in bucomm.c causing denial of service. Connected sources confirm the vulnerable functions make_tempdir and make_tempname and the impact is a DoS due to memory leaks. Affected products are Binutils variants across distributio...
CVE-2025-1150
CVE-2025-1150 affects GNU Binutils, specifically the ld component’s libbfd.c function bfd_malloc, causing a memory leak. Public reports describe remote exploitation with high attack complexity and an initial leak in Binutils 2.43. Connected advisories confirm fixes were implemented in later binut...
CVE-2014-8504
CVE-2014-8504 affects GNU Binutils (libbfd/srec.c) with a stack-based buffer overflow in the SREC parser. A crafted S-record file could crash the process or potentially trigger arbitrary code execution. Public references across multiple vendors (Debian, Red Hat/CentOS, Gentoo, Fedora, IBM PowerKV...
CVE-2017-9749
CVE-2017-9749 affects GNU Binutils 2.28. the vulnerable component is the regs macros in opcodes/bfin-dis.c. A crafted binary can be mishandled during objdump -D, causing a buffer overflow that may crash the application and potentially lead to unspecified impact. The description notes a remote att...
CVE-2017-7299
CVE-2017-7299 affects GNU Binutils 2.28’s Binary File Descriptor library (libbfd). The vulnerability arises when emitting relocations: bfd_elf_final_link in bfd/elflink.c reads the ELF reloc section header without validating the input file format, leading to an invalid read of size 8 and causing ...
CVE-2017-8396
CVE-2017-8396 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28. It allows an invalid read of size 1 due to reloc offset range tests not catching small negative offsets, causing crash in binary-analysis tools such as objdump. The vulnerability is tied to libbfd’s hand...
CVE-2017-9756
CVE-2017-9756 affects GNU Binutils 2.28. The vulnerability lies in the aarch64_ext_ldst_reglist function (opcodes/aarch64-dis.c) where mishandling of a crafted binary file during objdump -D can lead to a denial of service through a buffer overflow and application crash. This CVE is demonstrated v...
CVE-2019-9072
CVE-2019-9072 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. The issue is an attempted excessive memory allocation in setup_group() within elf.c, which can enable a denial-of-service through memory exhaustion when processing ELF files. Public advisori...
CVE-2025-5244
CVE-2025-5244 affects GNU Binutils up to 2.44. The vulnerability is in the ld component, specifically the function elf_gc_sweep in bfd/elflink.c , where input length handling leads to memory corruption. The exploit requires a local attack vector, and public disclosures indicate the exploit is ava...
CVE-2017-14745
The CVE-2017-14745 vulnerability affects GNU Binutils’ Binary File Descriptor library (libbfd) in Binutils 2.29. The issue arises because the _get_synthetic_symtab functions treat -1 as a sorting count rather than an error flag, enabling crafted ELF files to trigger denial of service via an integ...