CVE-2017-7223

Technical details about CVE-2017-7223 are not provided in the supplied documents. Connected sources reference the CVE only at listing/advisory level without specifics. Monitor for updates.

CVE-2017-9039

GNU Binutils 2.28 is vulnerable to remote denial of service via a crafted ELF file containing many program headers. The issue arises in readelf.c within get_program_headers, as described in CVE-2017-9039. The connected Nessus entries confirm the same vulnerability details; no other fixes or mitig...

CVE-2020-19724

CVE-2020-19724: A memory consumption issue in get_data (binutils/nm.c) affects GNU nm prior to 2.34, enabling denial of service via crafted input. The primary technical detail is a memory‑based DoS in the get_data path of nm for nm.c; impact is a DoS condition. The Initial Description and connect...

CVE-2025-1180

The CVE-2025-1180 issue affects GNU Binutils 2.43, specifically the _bfd_elf_write_section_eh_frame function in bfd/elf-eh-frame.c used by ld. It causes memory corruption and can be triggered remotely; attack complexity is high, and exploitation is possible after disclosure. The available sources...

CVE-2017-12459

CVE-2017-12459 affects GNU Binutils (libbfd) specifically the bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c, distributed in Binutils 2.29 and earlier. The root cause is an out-of-bounds heap write triggered by processing crafted Mach-O files, enabling a remote attacker to potentially ach...

CVE-2017-15025

CVE-2017-15025 affects GNU Binutils (libbfd) as distributed with Binutils 2.29. The vulnerability is in decode_line_info within dwarf2.c and can be exploited via a crafted ELF file to trigger a divide-by-zero and crash the application, constituting a denial of service. The connected documents (in...

CVE-2017-7209

CVE-2017-7209 affects GNU Binutils readelf: the dump_section_as_bytes function dereferences a NULL pointer when reading section contents from a corrupt binary, causing a crash. The description is based on the provided CVE entry (Binutils 2.28). No public exploit details are given in the supplied ...

CVE-2017-7303

CVE-2017-7303 : The Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28 contains an invalid read of size 4 caused by a missing null-header check in find_link, which can cause Binutils utilities like strip to crash. The connected documents corroborate Binutils/BFD-related issues and...

CVE-2017-8395

CVE-2017-8395 affects the Binary File Descriptor (BFD) library (libbfd) included with GNU Binutils 2.28. The vulnerability arises from an unchecked malloc() return in _bfd_generic_get_section_contents, allowing an invalid write of size 8. This can cause crash-prone behavior in tools that analyze ...

CVE-2017-9044

Technical details for CVE-2017-9044 are not provided in the connected documents. The initial description notes a denial of service via crafted ELF in Binutils, but no concrete affected versions or fixes are given here. Monitor for updates.

CVE-2017-9753

CVE-2017-9753 concerns the GNU Binutils libbfd component. The versados_mkobject function (in bfd/versados.c) of Binutils 2.28 does not initialize a certain data structure, which the source describes as enabling a denial of service via a crafted binary when interpreting it with objdump -D. The vul...

CVE-2025-1179

GNU Binutils 2.43 contains a memory corruption vulnerability in the ld component, specifically in the bfd_putl64 function of bfd/libbfd.c. The issue can be triggered remotely and is characterized by high attack complexity and the possibility of exploitation being disclosed publicly. Upgrading to ...

CVE-2017-14938

CVE-2017-14938 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The flaw is in _bfd_elf_slurp_version_tables() within elf.c and allows an attacker to trigger a denial of service by feeding a crafted ELF file, causing excessive memory allocation and an application cr...

CVE-2017-9043

CVE-2017-9043 : GNU Binutils readelf (the readelf.c functionality in Binutils dated 2017-04-12) contains a “shift exponent too large for type unsigned long” issue that could allow a remote attacker to cause a denial of service (application crash) or potentially other impact via a crafted ELF file...

CVE-2017-9954

The CVE-2017-9954 issue affects GNU Binutils’ Binary File Descriptor library (libbfd), specifically the tekhex.c getvalue function. A crafted tekhex file can trigger a stack-based buffer over-read in nm, causing an application crash (DoS). Root cause is mishandling in getvalue within tekhex.c of ...

CVE-2017-13757

CVE-2017-13757 affects the Binary File Descriptor library (libbfd) in GNU Binutils 2.29. A crafted ELF file can trigger a heap-based buffer over-read because the PLT section size is not validated in elf_i386_get_synthetic_symtab / elf_x86_64_get_synthetic_symtab, causing an application crash. The...

CVE-2017-15225

Technical details about CVE-2017-15225 (affected product/version, exploitability, remediation) are not provided in the connected documents. Monitor for updates from the sources for any concrete technical specifics.

CVE-2025-5245

The CVE-2025-5245 entry pertains to GNU Binutils up to version 2.44, affecting the objdump component. The flaw is in the debug_type_samep function inside /binutils/debug.c, where improper data handling leads to memory corruption. This enables a local attacker to exploit the vulnerability, and pub...

CVE-2017-9752

CVE-2017-9752 affects GNU Binutils 2.28 (BFD libbfd) with a vulnerability in bfd/vms-alpha.c (_bfd_vms_get_value and _bfd_vms_slurp_etir) when handling crafted VMS binary files during objdump -D. It can cause a denial of service via a buffer overflow with potential for unspecified impact. The con...

CVE-2023-25586

CVE-2023-25586 affects Binutils: a logic fail in bfd_init_section_decompress_status may use an uninitialized variable, causing a crash and local denial of service. Connected advisories confirm a fixed Binutils version; upstream advisories (e.g., TencentOS/FreeBSD entries) indicate a newer Binutil...

CVE-2017-7227

CVE-2017-7227 ; affect: GNU Binutils 2.28, specifically the GNU ld linker. It is a heap-based buffer overflow that occurs when processing a bogus input script, due to lack of '\0' termination of a name field in ldlex.l, leading to a program crash. The description does not provide exploit details ...

CVE-2017-7304

CVE-2017-7304 affects the GNU Binutils BFD library (libbfd) as distributed in Binutils 2.28. The vulnerability is an invalid read (size 8) caused by a missing check for an invalid sh_link in copy_special_section_fields before following it, which can crash Binutils utilities such as strip. The pro...

CVE-2017-8398

Technical details for CVE-2017-8398 are not publicly provided in the supplied documents. The materials mention Binutils 2.28 but do not specify affected products/versions beyond that, root cause, impact, or fixes; monitor for updates.

CVE-2025-1147

CVE-2025-1147 refers to a buffer overflow in GNU Binutils 2.43, specifically in nm.c:__sanitizer::internal_strlen. Connected advisories indicate the fix is in Binutils 2.45, with openSUSE/SUSE advisories recommending upgrading to 2.45 (and related patch content). The vulnerability is exploitable ...

CVE-2017-9751

CVE-2017-9751 concerns opcodes/rl78-decode.opc in GNU Binutils 2.28, where an unbounded GETBYTE macro can enable a crafted binary to trigger a buffer overflow during objdump -D, leading to a denial of service (application crash). The connected documents confirm this specific vector is tied to Bin...

CVE-2020-35342

CVE-2020-35342 (GNU Binutils) affects Binutils before 2.34, with an uninitialized-heap vulnerability in tic4x_print_cond (opcodes/tic4x-dis.c) that could lead to information leakage. Affected software: GNU Binutils; root cause: uninitialized heap memory in a print handler. Impact: potential infor...

CVE-2025-1148

GNU Binutils 2.43 contains a memory-leak vulnerability in ld/ldelfgen.c: link_order_scan. The issue is exploitable remotely with high attack complexity; vendor notes fixes have been made on master and a 2.45 branch/updates are available (binutils 2.45), so upgrading to a newer Binutils release is...

CVE-2025-1182

CVE-2025-1182 affects GNU Binutils 2.43, specifically the ld component; the memory corruption is triggered by bfd_elf_reloc_symbol_deleted_p in bfd/elflink.c. The vulnerability is remote-exploitable with high attack complexity, and public exploitation is noted. A patch is available (patch id: b42...

CVE-2005-4808

The CVE-2005-4808 entry concerns a buffer overflow in the GNU Binutils gas assembler: reset_vars in config/tc-crx.c, vulnerable in Binutils before 20050714. Exploitation is described as user-assisted with unknown impact via a crafted .s file. Multiple connected records ( RH/CVE, Ubuntu USN-366-1,...

CVE-2017-17126

CVE-2017-17126 affects GNU Binutils 2.29.1. The load_debug_section function in readelf.c may be triggered by an ELF file that lacks section headers, allowing remote attackers to cause a denial of service via invalid memory access and application crash (potentially other impact, as noted in the de...

CVE-2017-9743

The CVE-2017-9743 issue affects GNU Binutils 2.28. The vulnerability exists in the print_insn_score32 function (opcodes/score7-dis.c:552) and can be triggered by handling of a crafted binary file during objdump -D. Successful exploitation may lead to a denial of service via a buffer overflow and ...

CVE-2017-14933

CVE-2017-14933 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The vulnerability, in read_formatted_entries() within dwarf2.c, can cause a denial of service via an crafted ELF file by triggering an infinite loop. Affected component: BFD/dwarf2.c in Binutils 2.29. R...

CVE-2017-14934

CVE-2017-14934 affects the Binary File Descriptor (libbfd) component in GNU Binutils (2.29). A crafted ELF file containing a negative size value in a CU structure can trigger a denial of service via an infinite loop. The connected documents confirm the vulnerability pattern but do not provide a v...

CVE-2017-17080

CVE-2017-17080 affects the GNU Binutils libbfd/elf.c implementation. It does not validate core-note sizes in ELF files, allowing a crafted object file to trigger a heap-based read (bfd_getl32) and crash the application, i.e., a DoS. The description specifies Binutils 2.29.1 as the distributed ver...

CVE-2020-21490

CVE-2020-21490 is a memory-leak issue in GNU Binutils 2.34, triggered during disassembly of microblaze instructions (microblaze-dis.c). The memory consumption per disassembled instruction can lead to resource exhaustion and potential denial of service. Connected advisories (e.g., EulerOS summarie...

CVE-2017-7226

CVE-2017-7226 concerns the Binary File Descriptor (BFD) library (GNU Binutils) as distributed in Binutils 2.28. The vulnerability arises in the pe_ILF_object_p function, where a heap-based buffer over-read of size 4049 can occur because strlen is used instead of strnlen. This can cause program cr...

CVE-2025-1178

CVE-2025-1178 affects GNU Binutils 2.43, specifically the ld component’s libbfd.c function bfd_putl64, where memory corruption is triggered. The issue can be exploited remotely with high attack complexity, and the exploit has been disclosed publicly. A patch identifier 75086e9de1707281172cc77f178...

CVE-2017-9745

The CVE-2017-9745 issue affects GNU Binutils libbfd (Binutils 2.28) in the BFD implementation. The vulnerability is in the _bfd_vms_slurp_etir function (bfd/vms-alpha.c), where handling of a crafted vms file during objdump -D can cause a denial of service via a buffer overflow, potentially impact...

CVE-2012-3509

CVE-2012-3509 concerns multiple integer overflows in GNU binutils’ libiberty and related code paths (objalloc_alloc and CHUNK_HEADER_SIZE usage) that can trigger a heap-based buffer overflow when processing untrusted inputs. The vendor-adopted description in the connected records confirms the imp...

CVE-2025-11840

GNU Binutils 2.45 contains a vulnerability in the vfinfo function of ldmisc.c that can cause an out‑of‑bounds read. The issue is exploitable locally, and the exploit has been publicly released. A patch is referenced as 16357 and applying it is the recommended remediation. The vulnerability is not...

CVE-2005-4807

CVE-2005-4807 concerns the GNU Binutils gas assembler. The vulnerability is a stack-based buffer overflow in the as_bad function within messages.c, triggered by a .c file containing crafted inline assembly code. Under affected configurations, an attacker could potentially execute arbitrary code w...

CVE-2006-2362

CVE-2006-2362 is a buffer overflow in getsym in tekhex.c of libbfd (GNU Binutils) used by strings. Reported as exploitable to crash the application and possibly execute arbitrary code via a TekHex file with an invalid length character. Connected advisories (SUSE, Ubuntu USN-292-1, OpenVAS entries...

CVE-2025-69649

CVE-2025-69649 affects GNU Binutils up to version 2.46 (readelf). A vulnerability in relocation processing can pass an invalid or null section pointer to display_relocations(), causing a null pointer dereference that leads to a segmentation fault (SIGSEGV) and process termination. The available s...

CVE-2025-7546

CVE-2025-7546 affects GNU Binutils 2.45. The vulnerable component is the function bfd_elf_set_group_contents in the file bfd/elf.c , where input data length/size handling can trigger a heap/out-of-bounds write . Local attacker access is required. The exploit has been disclosed publicly. A patch i...

CVE-2025-69651

CVE-2025-69651 affects GNU Binutils through version 2.46, specifically the readelf component. The vulnerability arises from an invalid pointer free when parsing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations exits early, the internal all_relocations array may b...

CVE-2025-8224

CVE-2025-8224 affects GNU Binutils 2.44, specifically the BFD Library’s function bfd_elf_get_str_section in bfd/elf.c. The issue can cause a null pointer dereference and requires local access to exploit. Public exploit information exists. A patch is available (patch id: db856d41004301b3a56438efd9...

CVE-2026-3442

CVE-2026-3442 is a reported heap-based buffer overflow in the GNU Binutils bfd linker, caused by a missing r_symndx bounds check in xcoff_link_add_symbols. Exploitation would involve processing a crafted XCOFF object file and could lead to information disclosure or an application crash/DoS. Multi...

CVE-2025-7545

GNU Binutils 2.45 contains a heap-based buffer overflow in the function copy_section (binutils/objcopy.c). The issue requires local access to exploit. Public disclosure of the exploit exists. A patch identified as 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 has been released and should be applied to...

CVE-2025-8225

The CVE-2025-8225 issue affects GNU Binutils 2.44, specifically the function process_debug_info in binutils/dwarf.c of the DWARF Section Handler. The vulnerability results in a memory leak and requires local access to exploit. A patch is identified by the commit hash e51fdff7d2e538c0e5accdd65649a...

CVE-2025-11082

The CVE-2025-11082 entry concerns GNU Binutils 2.45. The vulnerable component is the linker function _bfd_elf_parse_eh_frame in bfd/elf-eh-frame.c, where manipulation can trigger a heap-based buffer overflow. Exploitation requires local execution, and an exploit has been published. The patch refe...