276 matches found
CVE-2017-14745
The CVE-2017-14745 vulnerability affects GNU Binutils’ Binary File Descriptor library (libbfd) in Binutils 2.29. The issue arises because the _get_synthetic_symtab functions treat -1 as a sorting count rather than an error flag, enabling crafted ELF files to trigger denial of service via an integ...
CVE-2017-7210
CVE-2017-7210 affects GNU Binutils 2.28. The objdump tool (and related Binutils components) is vulnerable to multiple heap-based buffer over-reads when processing crafted object files with corrupted STABS enum type strings, potentially causing a crash. The description indicates the vulnerability ...
CVE-2018-17794
CVE-2018-17794 affects GNU Binutils/libiberty (cplus-dem.c) where a NULL pointer dereference in work_stuff_copy_to_from can be triggered when called from iterate_demangle_function. The issue is tied to Binutils 2.31; the provided documents describe the vulnerability and target the demangling work...
CVE-2017-8421
The CVE-2017-8421 issue affects GNU Binutils' Binary File Descriptor (libbfd) component, specifically the coff_set_alignment_hook function in coffcode.h used with Binutils 2.28. It describes a memory leak vulnerability that can cause memory exhaustion in objdump when parsing a crafted PE file. Th...
CVE-2017-9042
GNU Binutils readelf.c (CVE-2017-9042) had a “cannot be represented in type long” issue that could crash the process via a crafted ELF file. The Connected document CLSA-2025:1760112341 reports a fix for CVE-2017-9042 (binutils: Fix of CVE-2017-9042) in CloudLinux update info for CentOS6 ELs; reme...
CVE-2017-9744
Technical details for CVE-2017-9744 are not publicly available in the provided documents; monitor for updates.
CVE-2017-12454
CVE-2017-12454 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils up to version 2.29. The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c can be triggered by a crafted VMS Alpha file to cause an arbitrary memory read. This entry (CVE-2017-12454) is corroborated by connected...
CVE-2017-12455
Technical details for CVE-2017-12455 are not provided in the connected documents. Monitor for updates; no new/public details are available here.
CVE-2017-12967
CVE-2017-12967 involves the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The getsym function in tekhex.c may be triggered by a malformed tekhex binary, allowing a remote attacker to cause a denial of service via a stack-based buffer over-read and resulting in an application...
CVE-2017-15021
CVE-2017-15021 affects GNU Binutils’ Binary File Descriptor library (libbfd). The issue is in bfd_get_debug_link_info_1 (opncls.c) and arises from a crafted ELF file, enabling a heap-based buffer over-read that can crash the application. The description specifies Binutils 2.29 as affected; no exp...
CVE-2025-1149
CVE-2025-1149 affects GNU Binutils 2.43, specifically the xstrdup path in libiberty/xmalloc.c used by ld, causing a memory leak. The issue can be exploited remotely and is described as high attack complexity with the exploit publicly disclosed. Reports indicate fixes have been committed to the ma...
CVE-2017-12450
CVE-2017-12450 concerns the GNU Binutils libbfd component, specifically the alpha_vms_object_p path in vms-alpha.c. The advisory text in the connected sources confirms an out-of-bounds heap write vulnerability exploitable via crafted vms alpha files, which could lead to code execution. The affect...
CVE-2017-12458
CVE-2017-12458 affects GNU Binutils libbfd (nlm_swap_auxiliary_headers_in in bfd/nlmcode.h). As distributed in Binutils 2.29 and earlier, it allows a remote attacker to cause an out-of-bounds heap read via a crafted nlm file. The vulnerability is tied to the nlm_swap_auxiliary_headers_in routine ...
CVE-2017-6965
CVE-2017-6965 affects readelf in GNU Binutils 2.28. Processing corrupted input files containing symbol-difference relocations can cause writes to illegal addresses, leading to a heap-based buffer overflow. The description specifies the vulnerable component (readelf) and version (Binutils 2.28) an...
CVE-2017-9755
CVE-2017-9755 affects GNU Binutils 2.28. The opcodes/i386-dis.c handling for bnd mode does not properly account for the number of registers, enabling a crafted binary to cause a denial of service (buffer overflow and application crash) during objdump -D. No explicit patch/version fix is provided ...
CVE-2018-20712
CVE-2018-20712 : A heap-based buffer over-read in d_expression_1 (cp-demangle.c) of GNU libiberty, distributed with GNU Binutils 2.31.1, can cause segmentation faults and denial-of-service as shown by c++filt. Connected sources confirm the same flaw and tie it to GNU Binutils components used by b...
CVE-2017-14729
CVE-2017-14729 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The vulnerability is triggered by non-unique PLT entries for a symbol in elf32-i386.c and elf64-x86-64.c, allowing remote attackers to cause a heap-based buffer overflow and application crash via a craf...
CVE-2017-6969
CVE-2017-6969 affects readelf in GNU Binutils 2.28, describing a heap-based buffer over-read when processing corrupt RL78 binaries. Impact per sources: crashes and potential information leakage. Connected advisories (e.g., RH unpatched BINUTILS entries) list CVE-2017-6969 among vulnerabilities wi...
CVE-2017-7302
CVE-2017-7302 affects the Binary File Descriptor (BFD) library (libbfd) bundled with GNU Binutils 2.28. It describes an invalid read (size 4) in swap_std_reloc_out due to missing checks for unrecognised relocs, which can cause Binutils utilities like strip to crash. The provided documents do not ...
CVE-2017-8397
CVE-2017-8397 affects the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.28. It enables an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing relocations with negative addresses, causing analysis tools such as obj...
CVE-2018-9138
CVE-2018-9138 affects GNU Binutils’ libiberty code, specifically cplus-dem.c, with stack exhaustion caused by recursive C++ demangling frames (demangle_nested_args, demangle_args, do_arg, do_type) in GNU Binutils 2.29 and 2.30. Connected documents reference this issue and indicate a fix has been ...
CVE-2022-47011
CVE-2022-47011 affects Binutils with a memory-leak related DoS in parse_stab_struct_fields (stabs.c) for Binutils 2.34–2.38. The connected documents confirm the issue is a memory-leak DoS vulnerability impacting Binutils, with multiple advisories referencing the same function as the root cause. E...
CVE-2017-12448
CVE-2017-12448 affects the GNU Binutils libbfd: the bfd_cache_close path in bfd/cache.c can cause a heap use-after-free and potentially code execution when processing a crafted nested archive. Root cause is incorrect function calls during memory release; the vendor’s note cites insufficient input...
CVE-2017-12449
CVE-2017-12449 affects the GNU Binutils libbfd component. The vulnerability exists in _bfd_vms_save_sized_string (vms-misc.c) and allows a remote attacker to trigger an out-of-bounds heap read by supplying a crafted vms file. The CVE is associated with Binutils 2.29 and earlier; newer versions ar...
CVE-2017-12453
CVE-2017-12453 affects the GNU Binutils libbfd (Binary File Descriptor) library, with Binutils 2.29 and earlier being vulnerable. The flaw is an out-of-bounds heap read via a crafted vms alpha file in the _bfd_vms_slurp_eeom function of libbfd.c. This enables a remote attacker to read memory from...
CVE-2017-14932
Technical details beyond the initial description are not provided in the connected documents. No vendor, product, or version specifics, impact, or remediation are included—monitor for updates.
CVE-2017-15023
The CVE-2017-15023 issue affects GNU Binutils 2.29 (Binary File Descriptor libbfd). Specifically, read_formatted_entries in dwarf2.c mishandles the format count, allowing a crafted ELF file to trigger a denial of service via a NULL pointer dereference related to concat_filename. This vulnerabilit...
CVE-2017-8393
CVE-2017-8393 affects GNU Binutils’ Binary File Descriptor library (libbfd) as distributed in Binutils 2.28. The flaw stems from an assumption in code paths used by objcopy and strip that SHT_REL/SHR_RELA sections always begin with .rel/.rela, causing a global buffer over-read and a crash in tool...
CVE-2017-9742
CVE-2017-9742: In GNU Binutils 2.28, the score_opcodes function in opcodes/score7-dis.c is vulnerable to crafted binary input, enabling remote attackers to cause a denial of service via a buffer overflow during objdump -D. The description specifies the impact as DOS with potential unspecified eff...
CVE-2018-9996
CVE-2018-9996 concerns GNU Binutils libiberty (cplus-dem.c). The issue is a stack-exhaustion/recursion vulnerability in the C++ demangling functions, caused by deep recursive frames in demangle_template_value_parm, demangle_integral_value, and demangle_expression. Effects described in the connect...
CVE-2019-9076
CVE-2019-9076: In GNU Binutils’ Binary File Descriptor library (libbfd) distributed with Binutils 2.32, elf_read_notes in elf.c permits an excessive memory allocation. Connected advisories document the vulnerability in Binutils 2.32 and reference downstream fixes. The EulerOS/Gentoo GLSA entries ...
CVE-2017-15022
CVE-2017-15022 affects the Binary File Descriptor (BFD) library in GNU Binutils 2.29. The root cause is that dwarf2.c does not validate the DW_AT_name data type during parsing, which enables a crafted ELF file to trigger a denial of service through a NULL pointer dereference or out-of-bounds acce...
CVE-2017-7300
CVE-2017-7300 affects GNU Binutils (libbfd) in Binutils 2.28. The aout_link_add_symbols function (bfd/aoutx.h) allows a heap-based buffer over-read due to incomplete string-offset checks while loading symbols, leading to ld crashes. Public details in connected docs confirm the root cause and impa...
CVE-2018-18701
CVE-2018-18701 describes a stack-consumption vulnerability in GNU Binutils’ libiberty (cp-demangle.c) caused by infinite recursion in next_is_type_qual() and cplus_demangle_type(). The issue affects Binutils 2.31 and can enable a remote attacker to induce denial of service via an ELF file (demons...
CVE-2017-12457
CVE-2017-12457 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils, with the vulnerable code path in section.c::bfd_make_section_with_flags. The issue allows a crafted file to trigger a NULL pointer dereference and crash the process, as distributed in Binutils 2.29 and earli...
CVE-2017-9754
Technical details about CVE-2017-9754 are not provided in the supplied documents. Public details appear limited to the initial description; no vendor/product/version specifics or remediation are included. Monitor for updates as additional sources may publish details.
CVE-2022-47010
CVE-2022-47010 is a memory-leak DoS in GNU binutils’ pr_function_type (prdbg.c) affecting Binutils 2.34–2.38. Public advisories confirm this issue and reference patches/updates; e.g., Cloud Foundry USN consolidates related binutils fixes, and Mariner notes exposure for versions
CVE-2017-13710
CVE-2017-13710 affects GNU Binutils libbfd (Binary File Descriptor) with the setup_group function in elf.c. The vulnerability allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a group section that is too small. The description and connected Nessus entri...
CVE-2017-17123
CVE-2017-17123 affects GNU Binutils’ Binary File Descriptor library (libbfd) in Binutils 2.29.1. The coff_slurp_reloc_table function in coffcode.h can cause a NULL pointer dereference, enabling a remote attacker to crash the application via a crafted COFF file. The initial description specifies t...
CVE-2017-7224
CVE-2017-7224: In GNU Binutils 2.28, the find_nearest_line function in objdump is vulnerable to an invalid write of size 1 while disassembling a corrupt binary containing an empty function name, causing a program crash. The description specifies the affected component (GNU Binutils, objdump) and ...
CVE-2017-14974
CVE-2017-14974 affects the Binary File Descriptor (BFD) library in GNU Binutils 2.29. The _get_synthetic_symtab functions mishandle the failure of a canonicalization step, which can trigger a NULL pointer dereference when processing crafted ELF files. This results in a denial of service (applicat...
CVE-2017-15024
CVE-2017-15024 is a vulnerability in the Binary File Descriptor (BFD) library (GNU Binutils) as distributed with Binutils 2.29, affecting the dwarf2.c implementation. The issue arises in the function find_abstract_instance_name in dwarf2.c, where processing a crafted ELF file can trigger an infin...
CVE-2017-7301
CVE-2017-7301 is a concrete vulnerability in GNU Binutils (libbfd). The aout_link_add_symbols function in bfd/aoutx.h has an off-by-one error in checking string offsets, which can cause the GNU linker (ld) to crash. Connected Nessus/Red Hat entries reference unpatched Binutils in various RHEL rel...
CVE-2017-8394
CVE-2017-8394 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28. It is caused by a NULL pointer dereference in _bfd_elf_large_com_section, leading to an invalid read of size 4 and crashes in analysis tools (e.g., objcopy). Exploitation details, affected products/versi...
CVE-2017-8392
CVE-2017-8392 refers to a vulnerability in the Binary File Descriptor (BFD) library (libbfd) as distributed with GNU Binutils 2.28. The issue is an invalid read of size 8 caused by a missing check for NULL symbols in the _bfd_dwarf2_find_nearest_line function, which can cause programs analyzing b...
CVE-2025-1151
CVE-2025-1151 concerns GNU Binutils 2.43, where the memory leak originates in ld’s xmemdup.c (function xmemdup). The vulnerability can be triggered remotely and is described as high attack complexity with a disclosed exploit. Several connected advisories document a patch path: openSUSE/SUSE advis...
CVE-2025-1152
CVE-2025-1152 affects GNU Binutils 2.43, specifically the function xstrdup in xstrdup.c within the ld component, causing a memory leak. Publicly disclosed exploit details indicate the issue can be triggered remotely, with attack complexity described as high and exploitability as low to moderate d...
CVE-2025-1176
Affected software : GNU Binutils 2.43, specifically the ld component and the function _bfd_elf_gc_mark_rsec in elflink.c. Vulnerability : heap-based buffer overflow. Impact/conditions : may be exploited remotely; attack complexity is high; privileges required: none; user interaction required. Exp...
CVE-2025-1181
GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...
CVE-2025-5244
CVE-2025-5244 affects GNU Binutils up to 2.44. The vulnerability is in the ld component, specifically the function elf_gc_sweep in bfd/elflink.c , where input length handling leads to memory corruption. The exploit requires a local attack vector, and public disclosures indicate the exploit is ava...