Lucene search
K
GnuBinutils

276 matches found

CVE
CVE
added 2025/02/11 7:0 a.m.88 views

CVE-2025-1179

GNU Binutils 2.43 contains a memory corruption vulnerability in the ld component, specifically in the bfd_putl64 function of bfd/libbfd.c. The issue can be triggered remotely and is characterized by high attack complexity and the possibility of exploitation being disclosed publicly. Upgrading to ...

7.5CVSS5.1AI score0.00523EPSS
CVE
CVE
added 2025/02/11 8:0 a.m.88 views

CVE-2025-1181

GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...

5.1CVSS5.1AI score0.00657EPSS
CVE
CVE
added 2017/03/29 3:0 p.m.87 views

CVE-2017-7301

CVE-2017-7301 is a concrete vulnerability in GNU Binutils (libbfd). The aout_link_add_symbols function in bfd/aoutx.h has an off-by-one error in checking string offsets, which can cause the GNU linker (ld) to crash. Connected Nessus/Red Hat entries reference unpatched Binutils in various RHEL rel...

7.5CVSS6.8AI score0.02396EPSS
CVE
CVE
added 2025/02/11 7:31 a.m.87 views

CVE-2025-1180

The CVE-2025-1180 issue affects GNU Binutils 2.43, specifically the _bfd_elf_write_section_eh_frame function in bfd/elf-eh-frame.c used by ld. It causes memory corruption and can be triggered remotely; attack complexity is high, and exploitation is possible after disclosure. The available sources...

3.1CVSS3.7AI score0.00644EPSS
CVE
CVE
added 2017/05/01 6:0 p.m.86 views

CVE-2017-8392

CVE-2017-8392 refers to a vulnerability in the Binary File Descriptor (BFD) library (libbfd) as distributed with GNU Binutils 2.28. The issue is an invalid read of size 8 caused by a missing check for NULL symbols in the _bfd_dwarf2_find_nearest_line function, which can cause programs analyzing b...

7.5CVSS6.9AI score0.0145EPSS
CVE
CVE
added 2017/05/01 6:0 p.m.86 views

CVE-2017-8395

CVE-2017-8395 affects the Binary File Descriptor (BFD) library (libbfd) included with GNU Binutils 2.28. The vulnerability arises from an unchecked malloc() return in _bfd_generic_get_section_contents, allowing an invalid write of size 8. This can cause crash-prone behavior in tools that analyze ...

7.5CVSS6AI score0.01914EPSS
CVE
CVE
added 2017/05/18 1:0 a.m.86 views

CVE-2017-9039

GNU Binutils 2.28 is vulnerable to remote denial of service via a crafted ELF file containing many program headers. The issue arises in readelf.c within get_program_headers, as described in CVE-2017-9039. The connected Nessus entries confirm the same vulnerability details; no other fixes or mitig...

5.5CVSS5.8AI score0.02065EPSS
CVE
CVE
added 2025/02/10 1:31 p.m.86 views

CVE-2025-1147

CVE-2025-1147 refers to a buffer overflow in GNU Binutils 2.43, specifically in nm.c:__sanitizer::internal_strlen. Connected advisories indicate the fix is in Binutils 2.45, with openSUSE/SUSE advisories recommending upgrading to 2.45 (and related patch content). The vulnerability is exploitable ...

5.3CVSS3.8AI score0.00619EPSS
CVE
CVE
added 2017/08/04 3:0 p.m.85 views

CVE-2017-12459

CVE-2017-12459 affects GNU Binutils (libbfd) specifically the bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c, distributed in Binutils 2.29 and earlier. The root cause is an out-of-bounds heap write triggered by processing crafted Mach-O files, enabling a remote attacker to potentially ach...

7.8CVSS7.6AI score0.01892EPSS
CVE
CVE
added 2017/10/10 11:0 p.m.85 views

CVE-2017-15225

Technical details about CVE-2017-15225 (affected product/version, exploitability, remediation) are not provided in the connected documents. Monitor for updates from the sources for any concrete technical specifics.

5.5CVSS5.7AI score0.01426EPSS
CVE
CVE
added 2017/03/22 4:0 p.m.85 views

CVE-2017-7223

Technical details about CVE-2017-7223 are not provided in the supplied documents. Connected sources reference the CVE only at listing/advisory level without specifics. Monitor for updates.

7.5CVSS7.2AI score0.01956EPSS
CVE
CVE
added 2017/05/18 1:0 a.m.85 views

CVE-2017-9043

CVE-2017-9043 : GNU Binutils readelf (the readelf.c functionality in Binutils dated 2017-04-12) contains a “shift exponent too large for type unsigned long” issue that could allow a remote attacker to cause a denial of service (application crash) or potentially other impact via a crafted ELF file...

7.8CVSS7.8AI score0.02129EPSS
CVE
CVE
added 2017/05/18 1:0 a.m.85 views

CVE-2017-9044

Technical details for CVE-2017-9044 are not provided in the connected documents. The initial description notes a denial of service via crafted ELF in Binutils, but no concrete affected versions or fixes are given here. Monitor for updates.

5.5CVSS5.7AI score0.01623EPSS
CVE
CVE
added 2017/06/19 4:0 a.m.85 views

CVE-2017-9753

CVE-2017-9753 concerns the GNU Binutils libbfd component. The versados_mkobject function (in bfd/versados.c) of Binutils 2.28 does not initialize a certain data structure, which the source describes as enabling a denial of service via a crafted binary when interpreting it with objdump -D. The vul...

7.8CVSS7.9AI score0.02773EPSS
CVE
CVE
added 2017/03/21 6:21 a.m.84 views

CVE-2017-7209

CVE-2017-7209 affects GNU Binutils readelf: the dump_section_as_bytes function dereferences a NULL pointer when reading section contents from a corrupt binary, causing a crash. The description is based on the provided CVE entry (Binutils 2.28). No public exploit details are given in the supplied ...

5.5CVSS6AI score0.01217EPSS
CVE
CVE
added 2017/03/29 3:0 p.m.84 views

CVE-2017-7303

CVE-2017-7303 : The Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28 contains an invalid read of size 4 caused by a missing null-header check in find_link, which can cause Binutils utilities like strip to crash. The connected documents corroborate Binutils/BFD-related issues and...

7.5CVSS6.9AI score0.02217EPSS
CVE
CVE
added 2017/06/26 11:0 p.m.84 views

CVE-2017-9954

The CVE-2017-9954 issue affects GNU Binutils’ Binary File Descriptor library (libbfd), specifically the tekhex.c getvalue function. A crafted tekhex file can trigger a stack-based buffer over-read in nm, causing an application crash (DoS). Root cause is mishandling in getvalue within tekhex.c of ...

5.5CVSS5.8AI score0.01561EPSS
CVE
CVE
added 2017/08/29 11:0 p.m.83 views

CVE-2017-13757

CVE-2017-13757 affects the Binary File Descriptor library (libbfd) in GNU Binutils 2.29. A crafted ELF file can trigger a heap-based buffer over-read because the PLT section size is not validated in elf_i386_get_synthetic_symtab / elf_x86_64_get_synthetic_symtab, causing an application crash. The...

5.5CVSS5.9AI score0.01473EPSS
CVE
CVE
added 2017/09/29 6:0 p.m.83 views

CVE-2017-14938

CVE-2017-14938 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The flaw is in _bfd_elf_slurp_version_tables() within elf.c and allows an attacker to trigger a denial of service by feeding a crafted ELF file, causing excessive memory allocation and an application cr...

5.5CVSS5.7AI score0.02024EPSS
CVE
CVE
added 2023/09/14 8:49 p.m.83 views

CVE-2023-25586

CVE-2023-25586 affects Binutils: a logic fail in bfd_init_section_decompress_status may use an uninitialized variable, causing a crash and local denial of service. Connected advisories confirm a fixed Binutils version; upstream advisories (e.g., TencentOS/FreeBSD entries) indicate a newer Binutil...

5.5CVSS4.9AI score0.00347EPSS
CVE
CVE
added 2017/06/19 4:0 a.m.82 views

CVE-2017-9752

CVE-2017-9752 affects GNU Binutils 2.28 (BFD libbfd) with a vulnerability in bfd/vms-alpha.c (_bfd_vms_get_value and _bfd_vms_slurp_etir) when handling crafted VMS binary files during objdump -D. It can cause a denial of service via a buffer overflow with potential for unspecified impact. The con...

7.8CVSS7.9AI score0.0276EPSS
CVE
CVE
added 2006/08/18 7:55 p.m.81 views

CVE-2005-4808

The CVE-2005-4808 entry concerns a buffer overflow in the GNU Binutils gas assembler: reset_vars in config/tc-crx.c, vulnerable in Binutils before 20050714. Exploitation is described as user-assisted with unknown impact via a crafted .s file. Multiple connected records ( RH/CVE, Ubuntu USN-366-1,...

7.6CVSS6.5AI score0.02243EPSS
CVE
CVE
added 2017/12/04 8:0 a.m.81 views

CVE-2017-17126

CVE-2017-17126 affects GNU Binutils 2.29.1. The load_debug_section function in readelf.c may be triggered by an ELF file that lacks section headers, allowing remote attackers to cause a denial of service via invalid memory access and application crash (potentially other impact, as noted in the de...

7.8CVSS8AI score0.01688EPSS
CVE
CVE
added 2025/02/10 2:0 p.m.81 views

CVE-2025-1148

GNU Binutils 2.43 contains a memory-leak vulnerability in ld/ldelfgen.c: link_order_scan. The issue is exploitable remotely with high attack complexity; vendor notes fixes have been made on master and a 2.45 branch/updates are available (binutils 2.45), so upgrading to a newer Binutils release is...

3.1CVSS3.8AI score0.00591EPSS
CVE
CVE
added 2025/02/11 8:31 a.m.81 views

CVE-2025-1182

CVE-2025-1182 affects GNU Binutils 2.43, specifically the ld component; the memory corruption is triggered by bfd_elf_reloc_symbol_deleted_p in bfd/elflink.c. The vulnerability is remote-exploitable with high attack complexity, and public exploitation is noted. A patch is available (patch id: b42...

5.1CVSS5.1AI score0.00542EPSS
CVE
CVE
added 2017/03/22 4:0 p.m.80 views

CVE-2017-7227

CVE-2017-7227 ; affect: GNU Binutils 2.28, specifically the GNU ld linker. It is a heap-based buffer overflow that occurs when processing a bogus input script, due to lack of '\0' termination of a name field in ldlex.l, leading to a program crash. The description does not provide exploit details ...

7.5CVSS6.3AI score0.02497EPSS
CVE
CVE
added 2017/06/19 4:0 a.m.80 views

CVE-2017-9751

CVE-2017-9751 concerns opcodes/rl78-decode.opc in GNU Binutils 2.28, where an unbounded GETBYTE macro can enable a crafted binary to trigger a buffer overflow during objdump -D, leading to a denial of service (application crash). The connected documents confirm this specific vector is tied to Bin...

7.8CVSS6.8AI score0.02942EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.80 views

CVE-2020-35342

CVE-2020-35342 (GNU Binutils) affects Binutils before 2.34, with an uninitialized-heap vulnerability in tic4x_print_cond (opcodes/tic4x-dis.c) that could lead to information leakage. Affected software: GNU Binutils; root cause: uninitialized heap memory in a print handler. Impact: potential infor...

7.5CVSS7.1AI score0.00659EPSS
CVE
CVE
added 2017/03/29 3:0 p.m.79 views

CVE-2017-7304

CVE-2017-7304 affects the GNU Binutils BFD library (libbfd) as distributed in Binutils 2.28. The vulnerability is an invalid read (size 8) caused by a missing check for an invalid sh_link in copy_special_section_fields before following it, which can crash Binutils utilities such as strip. The pro...

7.5CVSS6.9AI score0.02095EPSS
CVE
CVE
added 2017/05/01 6:0 p.m.79 views

CVE-2017-8398

Technical details for CVE-2017-8398 are not publicly provided in the supplied documents. The materials mention Binutils 2.28 but do not specify affected products/versions beyond that, root cause, impact, or fixes; monitor for updates.

7.5CVSS7.5AI score0.01968EPSS
CVE
CVE
added 2017/06/19 4:0 a.m.78 views

CVE-2017-9743

The CVE-2017-9743 issue affects GNU Binutils 2.28. The vulnerability exists in the print_insn_score32 function (opcodes/score7-dis.c:552) and can be triggered by handling of a crafted binary file during objdump -D. Successful exploitation may lead to a denial of service via a buffer overflow and ...

7.8CVSS8AI score0.02795EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.78 views

CVE-2020-21490

CVE-2020-21490 is a memory-leak issue in GNU Binutils 2.34, triggered during disassembly of microblaze instructions (microblaze-dis.c). The memory consumption per disassembled instruction can lead to resource exhaustion and potential denial of service. Connected advisories (e.g., EulerOS summarie...

5.5CVSS6AI score0.00302EPSS
CVE
CVE
added 2017/09/29 8:0 a.m.77 views

CVE-2017-14933

CVE-2017-14933 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The vulnerability, in read_formatted_entries() within dwarf2.c, can cause a denial of service via an crafted ELF file by triggering an infinite loop. Affected component: BFD/dwarf2.c in Binutils 2.29. R...

5.5CVSS5.2AI score0.01275EPSS
CVE
CVE
added 2025/02/11 6:31 a.m.77 views

CVE-2025-1178

CVE-2025-1178 affects GNU Binutils 2.43, specifically the ld component’s libbfd.c function bfd_putl64, where memory corruption is triggered. The issue can be exploited remotely with high attack complexity, and the exploit has been disclosed publicly. A patch identifier 75086e9de1707281172cc77f178...

6.3CVSS5.5AI score0.00735EPSS
CVE
CVE
added 2012/09/05 11:0 p.m.76 views

CVE-2012-3509

CVE-2012-3509 concerns multiple integer overflows in GNU binutils’ libiberty and related code paths (objalloc_alloc and CHUNK_HEADER_SIZE usage) that can trigger a heap-based buffer overflow when processing untrusted inputs. The vendor-adopted description in the connected records confirms the imp...

5CVSS8.8AI score0.03602EPSS
CVE
CVE
added 2017/09/29 8:0 a.m.76 views

CVE-2017-14934

CVE-2017-14934 affects the Binary File Descriptor (libbfd) component in GNU Binutils (2.29). A crafted ELF file containing a negative size value in a CU structure can trigger a denial of service via an infinite loop. The connected documents confirm the vulnerability pattern but do not provide a v...

5.5CVSS5.2AI score0.0124EPSS
CVE
CVE
added 2017/11/30 9:0 p.m.76 views

CVE-2017-17080

CVE-2017-17080 affects the GNU Binutils libbfd/elf.c implementation. It does not validate core-note sizes in ELF files, allowing a crafted object file to trigger a heap-based read (bfd_getl32) and crash the application, i.e., a DoS. The description specifies Binutils 2.29.1 as the distributed ver...

5.5CVSS5.9AI score0.01289EPSS
CVE
CVE
added 2017/03/22 4:0 p.m.76 views

CVE-2017-7226

CVE-2017-7226 concerns the Binary File Descriptor (BFD) library (GNU Binutils) as distributed in Binutils 2.28. The vulnerability arises in the pe_ILF_object_p function, where a heap-based buffer over-read of size 4049 can occur because strlen is used instead of strnlen. This can cause program cr...

9.1CVSS6.8AI score0.02456EPSS
CVE
CVE
added 2017/06/19 4:0 a.m.75 views

CVE-2017-9745

The CVE-2017-9745 issue affects GNU Binutils libbfd (Binutils 2.28) in the BFD implementation. The vulnerability is in the _bfd_vms_slurp_etir function (bfd/vms-alpha.c), where handling of a crafted vms file during objdump -D can cause a denial of service via a buffer overflow, potentially impact...

7.8CVSS6.8AI score0.02652EPSS
CVE
CVE
added 2025/10/16 3:32 p.m.73 views

CVE-2025-11840

GNU Binutils 2.45 contains a vulnerability in the vfinfo function of ldmisc.c that can cause an out‑of‑bounds read. The issue is exploitable locally, and the exploit has been publicly released. A patch is referenced as 16357 and applying it is the recommended remediation. The vulnerability is not...

5.5CVSS4.2AI score0.00251EPSS
CVE
CVE
added 2006/08/18 7:55 p.m.71 views

CVE-2005-4807

CVE-2005-4807 concerns the GNU Binutils gas assembler. The vulnerability is a stack-based buffer overflow in the as_bad function within messages.c, triggered by a .c file containing crafted inline assembly code. Under affected configurations, an attacker could potentially execute arbitrary code w...

7.5CVSS7.8AI score0.11664EPSS
CVE
CVE
added 2006/05/15 4:0 p.m.69 views

CVE-2006-2362

CVE-2006-2362 is a buffer overflow in getsym in tekhex.c of libbfd (GNU Binutils) used by strings. Reported as exploitable to crash the application and possibly execute arbitrary code via a TekHex file with an invalid length character. Connected advisories (SUSE, Ubuntu USN-292-1, OpenVAS entries...

7.5CVSS7.4AI score0.11966EPSS
CVE
CVE
added 2026/03/15 12:19 a.m.66 views

CVE-2026-3442

CVE-2026-3442 is a reported heap-based buffer overflow in the GNU Binutils bfd linker, caused by a missing r_symndx bounds check in xcoff_link_add_symbols. Exploitation would involve processing a crafted XCOFF object file and could lead to information disclosure or an application crash/DoS. Multi...

7.1CVSS5.9AI score0.00245EPSS
CVE
CVE
added 2026/03/06 12:0 a.m.57 views

CVE-2025-69651

CVE-2025-69651 affects GNU Binutils through version 2.46, specifically the readelf component. The vulnerability arises from an invalid pointer free when parsing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations exits early, the internal all_relocations array may b...

5.5CVSS6.1AI score0.0024EPSS
CVE
CVE
added 2026/04/22 8:37 a.m.57 views

CVE-2026-6846

CVE-2026-6846 describes a heap-buffer-overflow in GNU binutils during linking when processing a specially crafted XCOFF object file. The vulnerability affects the XCOFF handling code, where a crafted file can trigger arbitrary code execution or a denial of service. The advisory notes local exploi...

7.8CVSS5.9AI score0.00171EPSS
CVE
CVE
added 2026/03/06 12:0 a.m.56 views

CVE-2025-69649

CVE-2025-69649 affects GNU Binutils up to version 2.46 (readelf). A vulnerability in relocation processing can pass an invalid or null section pointer to display_relocations(), causing a null pointer dereference that leads to a segmentation fault (SIGSEGV) and process termination. The available s...

7.5CVSS5.8AI score0.00256EPSS
CVE
CVE
added 2025/07/27 5:32 a.m.54 views

CVE-2025-8224

CVE-2025-8224 affects GNU Binutils 2.44, specifically the BFD Library’s function bfd_elf_get_str_section in bfd/elf.c. The issue can cause a null pointer dereference and requires local access to exploit. Public exploit information exists. A patch is available (patch id: db856d41004301b3a56438efd9...

5.5CVSS3.9AI score0.00225EPSS
CVE
CVE
added 2025/09/27 10:32 p.m.51 views

CVE-2025-11082

The CVE-2025-11082 entry concerns GNU Binutils 2.45. The vulnerable component is the linker function _bfd_elf_parse_eh_frame in bfd/elf-eh-frame.c, where manipulation can trigger a heap-based buffer overflow. Exploitation requires local execution, and an exploit has been published. The patch refe...

7.8CVSS5.5AI score0.00234EPSS
CVE
CVE
added 2026/03/06 12:0 a.m.51 views

CVE-2025-69650

CVE-2025-69650 affects GNU Binutils up to version 2.46, specifically the readelf tool. The vulnerability arises during GOT relocation handling: dump_relocations may return early and fail to initialize the all_relocations array, causing process_got_section_contents() to pass an uninitialized r_sym...

7.5CVSS6.2AI score0.00502EPSS
CVE
CVE
added 2026/03/15 12:19 a.m.51 views

CVE-2026-3441

CVE-2026-3441 affects GNU Binutils, specifically an out-of-bounds read in the xcoff linker (bfd) triggered by processing a crafted XCOFF object file. The root cause is an out-of-bounds read in xcoff_link_add_symbols due to a bounds check issue on x_scnlen, leading to potential information disclos...

7.1CVSS6AI score0.00176EPSS
Total number of security vulnerabilities276