CVE-2017-9038

CVE-2017-9038 affects GNU Binutils 2.28 and is a remote DoS via crafted ELF files, causing heap-based buffer over-read and crash. Root cause involves ARM unwind information with invalid word offsets and related code paths (byte_get_little_endian in elfcomm.c; get_unwind_section_word in readelf.c)...

CVE-2020-16591

CVE-2020-16591 : A Denial of Service in the Binary File Descriptor (BFD) of GNU Binutils 2.35 is caused by an invalid read in process_symbol_table (readeif). The description confirms the affected product and root cause and notes a DoS impact. No public details about exploitation methods, affected...

CVE-2021-3530

CVE-2021-3530 affects GNU Binutils 2.36 in rust-demangle.c (demangle_path). A crafted symbol can exhaust stack memory, causing a crash. Documented as fixed in subsequent binutils advisories (e.g., SUSE/SU advisories listing CVE-2021-3530 as fixed). No exploitation details are provided here; remed...

CVE-2014-8503

CVE-2014-8503 is a stack-based buffer overflow in the IHEX parser (ihex_scan in bfd/ihex.c) of GNU Binutils

CVE-2020-16593

CVE-2020-16593 is a Null Pointer Dereference in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.35, in scan_unit_for_symbols (addr2line demonstrated), leading to denial of service via a crafted file. Connected sources confirm the issue exists in Binutils compone...

CVE-2020-35494

CVE-2020-35494 targets GNU Binutils: a flaw in /opcodes/tic4x-dis.c can cause a denial of service via processing crafted input, due to use of uninitialized memory. Affected are binutils versions prior to 2.34. Impact is availability (partial confidentiality/none integrity per description). The co...

CVE-2017-12452

CVE-2017-12452 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29 and earlier. The issue is in bfd_mach_o_i386_canonicalize_one_reloc (mach-o-i386.c) where crafted Mach-O files can trigger an out-of-bounds heap read, potentially enabling remote impact when processing M...

CVE-2017-15996

Technical details (affected product/version, root cause, exploit info, patch) for CVE-2017-15996 are not provided in the supplied documents. The description lists the vulnerability but contains no public vendor/version specifics or remediation here. Monitor for updates.

CVE-2017-14129

CVE-2017-14129 : The read_section function in dwarf2.c of GNU Binutils’ libbfd (Binutils 2.29) is vulnerable to a heap-based buffer over-read in parse of crafted ELF files, enabling remote denial of service via crashing the application. The description explicitly ties the issue to Binutils 2.29 a...

CVE-2017-9747

CVE-2017-9747 affects GNU Binutils 2.28 in the ieee_archive_p function (bfd/ieee.c). A crafted binary file can trigger a buffer overflow and application crash during objdump -D, causing a denial of service. The description notes this may be related to a compiler bug. Connected sources list the vu...

CVE-2020-35495

CVE-2020-35495 is a null pointer dereference in binutils/bfd/pef.c (bfd_pef_parse_symbols) triggered by specially crafted input processed by objdump. It affects Binutils prior to 2.34 and can impact availability via crash. Remediation is upgrading to a newer Binutils version; IBM/Netezza advisori...

CVE-2022-47007

CVE-2022-47007 affects GNU binutils, specifically the function stab_demangle_v3_arg in stabs.c, with vulnerable ranges reported as Binutils 2.34 through 2.38. The issue is a memory leak that can be exploited to cause a denial of service. The impact is described as memory-related DoS, with exploit...

CVE-2018-20657

CVE-2018-20657 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c, distributed with Binutils 2.31.1. The issue is a memory leak triggered by crafted strings, causing a denial of service via memory consumption (as demonstrated by cxxfilt). Connected sources...

CVE-2021-46174

CVE-2021-46174 is a heap-based buffer overflow in GNU Binutils objdump (function bfd_getl32). Multiple connected advisories reference the same issue, with descriptions asserting a heap overflow in Binutils objdump 3.37 and related components. The CVE is associated with potential denial-of-service...

CVE-2014-8502

CVE-2014-8502 is a binutils/libbfd vulnerability affecting GNU Binutils 2.24 and earlier, where a heap-based buffer overflow in the pe_print_edata function (in binutils’ PE reader) could be triggered by a crafted PE export table, leading to a denial of service and potential further impact. Multip...

CVE-2017-12451

CVE-2017-12451 affects the GNU Binutils libbfd prior to 2.30. The vulnerability is in the _bfd_xcoff_read_ar_hdr function (files coff-rs6000.c and coff64-rs6000.c) and can cause an out-of-bounds stack read when processing a crafted COFF image. This could enable a remote attacker to read memory vi...

CVE-2017-12799

CVE-2017-12799 affects GNU Binutils (elf_read_notes function in bfd/elf.c, Binutils 2.29). A crafted binary file can trigger a denial of service via a buffer overflow, potentially causing an application crash or other impact. The connected documents corroborate the vulnerability is in the elf_rea...

CVE-2017-14333

CVE-2017-14333 affects GNU Binutils, specifically the readelf.c function process_version_sections. A crafted binary with invalid ent.vn_next can cause a denial of service (integer overflow and a long loop) during readelf -a. Exploitation requires local access and user interaction. The provided do...

CVE-2017-9746

CVE-2017-9746 affects GNU Binutils 2.28: the disassemble_bytes function in objdump.c can be triggered by a crafted binary file executed with objdump -D, leading to a buffer overflow and application crash (DoS). Root cause is mishandling of rae insns printing for this file. It is described as a re...

CVE-2017-15938

CVE-2017-15938 affects the Binary File Descriptor (BFD) library (GNU Binutils 2.29). The flaw in dwarf2.c miscalculates DW_FORM_ref_addr die refs for relocatable objects, allowing a remote attacker to trigger a denial of service via an invalid memory read, leading to segmentation fault and applic...

CVE-2018-18700

CVE-2018-18700 affects GNU Binutils 2.31 with a stack consumption vulnerability caused by infinite recursion in cp-demangle.c (functions d_name(), d_encoding(), d_local_name()). The issue enables a remote attacker to trigger a denial-of-service via an ELF file, as demonstrated by nm. Connected As...

CVE-2014-8738

CVE-2014-8738 affects GNU Binutils (libbfd/archive.c: _bfd_slurp_extended_name_table). A crafted extended name table in an archive can trigger an invalid write, leading to a denial of service (segmentation fault/crash). Public advisories across vendors cite binutils and libbfd as vulnerable, with...

CVE-2017-14930

CVE-2017-14930 refers to a memory leak in decode_line_info (dwarf2.c) of the Binary File Descriptor (BFD) library used in GNU Binutils 2.29. The vulnerability allows a crafted ELF file to cause denial of service via memory consumption. The initial description provides the kernel flaw but does not...

CVE-2017-9748

Technical details for CVE-2017-9748 are not provided in the connected documents. No explicit affected product versions, exploitation status, or fixes are shown here; monitor for updates from vendors and security advisories.

CVE-2018-12698

CVE-2018-12698 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c (Binutils 2.30). It allows attackers to trigger excessive memory consumption (OOM) during objdump execution due to a memory-management issue in demangle_template. Multiple connected advisori...

CVE-2017-14130

CVE-2017-14130 affects the Binary File Descriptor library (libbfd) as distributed in GNU Binutils 2.29. The vulnerability arises in the _bfd_elf_parse_attributes function within elf-attrs.c, where a crafted ELF file can trigger a heap-based buffer over-read, enabling a remote attacker to cause an...

CVE-2021-37322

CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.

CVE-2017-14939

Technical details about CVE-2017-14939 are not provided in the supplied documents. Monitor for updates from vendors and advisories.

CVE-2017-9040

Technical details about CVE-2017-9040 are not provided in the connected documents. No explicit product/version/fix data beyond the initial description is available here. Monitor for updates.

CVE-2018-12934

CVE-2018-12934 affects GNU Binutils 2.30, specifically remember_Ktype in cplus-dem.c used by libiberty. The vulnerability can trigger excessive memory consumption (OOM) during execution of cxxfilt, as described in the connected Nessus/NASL entries. The affected component is GNU Binutils’ cplus-de...

CVE-2014-8485

CVE-2014-8485 concerns GNU Binutils’ libbfd (setup_group in bfd/elf.c). Affected: Binutils 2.24 and earlier. Issue: missing range checks in the ELF section group headers allow a remote attacker to crash the process or potentially execute arbitrary code. Impact: denial of service and possible code...

CVE-2017-9750

CVE-2017-9750 affects opcodes/rx-decode.opc in GNU Binutils 2.28. The vulnerability arises from missing bounds checks for certain scale arrays, enabling a crafted binary file to trigger a denial of service (buffer overflow and application crash) during objdump -D, with possible other impact. A co...

CVE-2017-14529

CVE-2017-14529 affects the Binary File Descriptor (BFD) library (libbfd) used by GNU Binutils 2.29. The vulnerability is in the pe_print_idata function in peXXigen.c, where HintName vector entries are mishandled, enabling a crafted PE file to trigger a heap-based buffer over-read and cause an app...

CVE-2017-15020

CVE-2017-15020 affects dwarf1.c in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.29. The root cause is pointer mismanagement in parse_die and parse_line_table, demonstrated by a parse_die heap-based buffer over-read via a crafted ELF file. Impact is a denial o...

CVE-2017-9041

Technical details for CVE-2017-9041 are not publicly provided in the connected documents. The materials reference Binutils 2.28 and MIPS GOT handling but do not specify affected versions beyond 2.28, exploit vectors, or fixes. Monitor for updates.

CVE-2017-9955

CVE-2017-9955 affects GNU Binutils 2.28 (libbfd) via the get_build_id function in opncls.c. A crafted file with a large size field relative to data can trigger a heap-based buffer over-read in objdump, leading to a denial of service. The initial description specifies Binutils 2.28 and a heap-base...

CVE-2014-8484

GNU Binutils libbfd contains a vulnerability in srec_scan (bdf/srec.c) that allows a remote attacker to cause a denial of service (out-of-bounds read) by supplying a crafted small S-record. Affected product: GNU Binutils (libbfd). Root cause: memory safety flaw in srec_scan; the issue exists in b...

CVE-2017-14128

CVE-2017-14128 affects the GNU Binutils libbfd/Dwarf2 decoding: the decode_line_info function in dwarf2.c may be abused via a crafted ELF file to cause a heap-based buffer over-read and application crash (DENIAL OF SERVICE). Affected is Binutils 2.29 (BFD/libbfd). The provided documents do not sp...

CVE-2017-9749

CVE-2017-9749 affects GNU Binutils 2.28. the vulnerable component is the regs macros in opcodes/bfin-dis.c. A crafted binary can be mishandled during objdump -D, causing a buffer overflow that may crash the application and potentially lead to unspecified impact. The description notes a remote att...

CVE-2022-47008

CVE-2022-47008 affects GNU Binutils (2.34–2.38) with a memory-leak issue in bucomm.c causing denial of service. Connected sources confirm the vulnerable functions make_tempdir and make_tempname and the impact is a DoS due to memory leaks. Affected products are Binutils variants across distributio...

CVE-2017-6966

Technical details for CVE-2017-6966 are not publicly available in the provided connected documents. The descriptions summarize a readelf/read-after-free in Binutils 2.28 MSP430 processing. No root-cause, affected versions, or fixes are specified here; monitor for updates.

CVE-2017-7299

CVE-2017-7299 affects GNU Binutils 2.28’s Binary File Descriptor library (libbfd). The vulnerability arises when emitting relocations: bfd_elf_final_link in bfd/elflink.c reads the ELF reloc section header without validating the input file format, leading to an invalid read of size 8 and causing ...

CVE-2017-9756

CVE-2017-9756 affects GNU Binutils 2.28. The vulnerability lies in the aarch64_ext_ldst_reglist function (opcodes/aarch64-dis.c) where mishandling of a crafted binary file during objdump -D can lead to a denial of service through a buffer overflow and application crash. This CVE is demonstrated v...

CVE-2025-1150

CVE-2025-1150 affects GNU Binutils, specifically the ld component’s libbfd.c function bfd_malloc, causing a memory leak. Public reports describe remote exploitation with high attack complexity and an initial leak in Binutils 2.43. Connected advisories confirm fixes were implemented in later binut...

CVE-2014-8504

CVE-2014-8504 affects GNU Binutils (libbfd/srec.c) with a stack-based buffer overflow in the SREC parser. A crafted S-record file could crash the process or potentially trigger arbitrary code execution. Public references across multiple vendors (Debian, Red Hat/CentOS, Gentoo, Fedora, IBM PowerKV...

CVE-2017-14940

CVE-2017-14940 affects GNU Binutils libbfd: the scan_unit_for_symbols function in dwarf2.c can dereference a NULL pointer when processing a crafted ELF file, enabling a remote attacker to cause a denial of service (application crash). The vulnerability is tied to Binutils 2.29; exploitation detai...

CVE-2017-7225

CVE-2017-7225 affects GNU Binutils 2.28 (addr2line). The bug is a NULL pointer dereference triggered when both the main file name and directory name are empty, leading to an invalid write and a crash. The connected Nessus entries publicly document this exact description and note it as an unpatche...

CVE-2017-8396

CVE-2017-8396 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28. It allows an invalid read of size 1 due to reloc offset range tests not catching small negative offsets, causing crash in binary-analysis tools such as objdump. The vulnerability is tied to libbfd’s hand...

CVE-2019-9072

CVE-2019-9072 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. The issue is an attempted excessive memory allocation in setup_group() within elf.c, which can enable a denial-of-service through memory exhaustion when processing ELF files. Public advisori...

CVE-2017-12456

CVE-2017-12456 affects GNU Binutils 2.29 and earlier. The read_symbol_stabs_debugging_info function in rddbg.c allows a remote attacker to cause an out-of-bounds heap read via a crafted binary file. This is documented in the connected Nessus/Red Hat entries, which explicitly list CVE-2017-12456 a...