124 matches found
CVE-2022-38533
CVE-2022-38533 affects GNU binutils prior to 2.40. A heap-buffer-overflow in the error function bfd_getl32, triggered when binutils is used by strip-new/strip_main on a crafted file, can lead to a crash and, in some disclosures, potential code execution. The issue is documented across multiple co...
CVE-2019-14250
The CVE-2019-14250 entry affects GNU Binutils (libiberty) and is caused by an missing check for a zero shstrndx in simple-object-elf.c: simple_object_elf_match can overflow memory, causing a heap-based buffer overflow. Affected component: GNU Binutils/libiberty. Root cause: integer overflow from ...
CVE-2018-8945
CVE-2018-8945 affects the Binary File Descriptor library (libbfd) within GNU Binutils 2.30. The bfd_section_from_shdr function can be triggered by a crafted attribute section in an ELF file, causing a remote denial of service (segmentation fault). Public advisories and CVE lists (CentOS/CESA, Gen...
CVE-2018-7568
CVE-2018-7568 affects the GNU Binutils libbfd component; specifically, an integer wraparound/overflow in the parse_die path (dwarf1.c) when processing ELF files with corrupted DWARF debug info, potentially allowing a remote attacker to crash the application (denial of service). Several connected ...
CVE-2018-7569
CVE-2018-7569 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30 and earlier. The flaw resides in dwarf2.c where a crafted ELF file containing a corrupted DWARF FORM block can trigger an integer underflow/overflow, leading to a denial of service (application crash). Th...
CVE-2018-7642
Summary: CVE-2018-7642 affects the GNU Binutils Binary File Descriptor library (libbfd) in the aoutx.h path, with a vulnerability in swap_std_reloc_in that can trigger a NULL pointer dereference when processing crafted ELF files, causing a denial of service. The vulnerability is evidenced in mult...
CVE-2019-9074
CVE-2019-9074 affects the GNU Binutils Binary File Descriptor library (libbfd) bundled in Binutils 2.32. It is an out-of-bounds read in bfd_getl32 called from pei-x86_64.c, leading to a SEGV. Several connected advisories confirm impact on local attackers via crafted ELF/PE files and DoS, with pos...
CVE-2018-20651
CVE-2018-20651 is a vulnerability in GNU Binutils (libbfd) where a NULL pointer is dereferenced in elf_link_add_object_symbols (elflink.c) when processing a crafted ET_DYN ELF without program headers. This leads to denial of service and is described as remote-exploit in ld. Connected advisories (...
CVE-2019-12972
CVE-2019-12972 is a heap-based buffer over-read in the Binary File Descriptor (BFD) library (libbfd) distributed with GNU Binutils 2.32. The vulnerability arises in _bfd_doprnt in bfd.c where elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' ...
CVE-2022-4285
CVE-2022-4285 is a memory access flaw in GNU binutils that can cause a denial of service when parsing an ELF file with corrupt symbol version information. It stems from an incomplete fix for CVE-2020-16599. Multiple sources (including AlmaLinux advisories and Broadcom/Brocade disclosures referenc...
CVE-2018-20623
CVE-2018-20623 affects GNU Binutils 2.31.1. A use-after-free in elfcomm.c: error() when called from readelf.c:process_archive via a crafted ELF can cause a crash. This is echoed in the Astra Linux bulletin. No exploitation details or patch/version fixes are provided in the supplied documents; rem...
CVE-2018-6759
CVE-2018-6759 affects GNU Binutils libbfd (BFD) in Binutils 2.30. The bfd_get_debug_link_info_1 function in opncls.c uses an unchecked strnlen, enabling remote-crafted ELF files to trigger a denial of service (segmentation fault). Remediation per vendor advisories is to upgrade Binutils to a newe...
CVE-2022-48064
CVE-2022-48064 affects GNU Binutils up to version 2.40, where an excessive memory consumption vulnerability in bfd_dwarf2_find_nearest_line_with_alt (dwarf2.c) can be triggered by a crafted ELF file, enabling a remote attacker to cause a DNS attack. IBM/Red Hat/Amazon advisories indicate this req...
CVE-2019-14444
CVE-2019-14444: GNU Binutils 2.32 contains an integer overflow in readelf/elfcomm.c (byte_put_little_endian) that can trigger a denial of service via crafted ELF files. IBM Netezza products have addressed this by upgrading Binutils; remediation patches include Netezza Analytics 3.3.8 (and related...
CVE-2018-7570
CVE-2018-7570 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.30, where assign_file_positions_for_non_load_sections in elf.c can cause a NULL pointer dereference/DoS when processing an ELF with a RELRO segment lacking a matching LOAD. Exploitation details are not provided in the document...
CVE-2018-10535
CVE-2018-10535 affects GNU Binutils’ libbfd (ignore_section_sym in elf.c) where a symtab entry with a SECTION type and value 0 can lead to a NULL pointer dereference and crash via a crafted file (e.g., objcopy). The issue is reported for Binutils 2.30 with a vulnerable path in ignore_section_sym ...
CVE-2018-19932
CVE-2018-19932 affects GNU Binutils libbfd. The issue is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Public docs describe it as a vulnerability in binutils through 2.31 with potential stability/denial effects; remediation quoted in connected sources is ...
CVE-2018-10372
GNU Binutils 2.30 contains a heap-based buffer over-read in process_cu_tu_index (dwarf.c) that can be triggered by processing a crafted binary file (e.g., via readelf), leading to denial of service. The issue affects Binutils 2.30 as distributed in affected builds and has been addressed in later ...
CVE-2020-35507
CVE-2020-35507 (binutils) concerns a NULL pointer dereference in bfd_pef_parse_function_stubs in bfd/pef.c when processing crafted files with objdump, affecting versions prior to 2.34. This is a Binutils issue that can impact availability. The Astra Linux security bulletin mirrors this flaw and c...
CVE-2018-6872
CVE-2018-6872 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30. The vulnerability is in the function elf_parse_notes (elf.c) and allows a remote attacker to cause a denial of service via an out-of-bounds read leading to segmentation fault when processing a note with ...
CVE-2022-48065
CVE-2022-48065 affects GNU Binutils up to version 2.39.x (before 2.40). The vulnerability is a memory leak in the function find_abstract_instance in the file dwarf2.c . The issue can lead to increased memory consumption and, as reported in sources, potential crashes. The connected documents consi...
CVE-2018-13033
CVE-2018-13033 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30, enabling an attacker to cause a denial of service (excessive memory allocation and crash) via a crafted ELF file during nm execution. Connected advisories confirm a fix path through updates to binutils ...
CVE-2018-10534
CVE-2018-10534 is a vulnerability in GNU Binutils’ Binary File Descriptor library (libbfd). The issue arises in the function sequence involving the _bfd_XX_bfd_copy_private_bfd_data_common routine (peXXigen.c) when processing a negative Data Directory size, which enters an unbounded loop and expa...
CVE-2023-25588
CVE-2023-25588 affects GNU Binutils: the the_bfd field of the asymbol struct is uninitialized in bfd_mach_o_get_synthetic_symtab, potentially causing a crash and local denial of service. Exploitation details are not provided in the documents reviewed here. Several advisories reference this CVE am...
CVE-2018-20671
CVE-2018-20671 affects GNU Binutils up to version 2.31.1, where load_specific_debug_section in objdump.c may overflow an integer, triggering a heap-based buffer overflow via a crafted section size. Connected docs confirm the same description in Astra Linux security bulletin and related advisories...
CVE-2018-17359
CVE-2018-17359 affects the GNU Binutils Binary File Descriptor (BFD) library (libbfd). The issue is an invalid memory access in bfd_zalloc within opncls.c that can be triggered by a crafted ELF file, leading to a denial of service (application crash). Affected component: GNU Binutils (libbfd) as ...
CVE-2018-17358
CVE-2018-17358 : A vulnerability in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.31 allows an invalid memory access in _bfd_stab_section_find_nearest_line (syms.c). This can be triggered by processing a crafted ELF file and may cause an application crash (DoS...
CVE-2018-18309
CVE-2018-18309 affects the GNU Binutils Binary File Descriptor library (libbfd) as distributed with Binutils 2.31. The issue is an invalid memory address dereference in read_reloc (reloc.c) that can cause a segmentation fault and application crash, leading to denial of service due to missing boun...
CVE-2018-18605
CVE-2018-18605 affects GNU Binutils libbfd (BFD) where a heap-based buffer over-read occurs in sec_merge_hash_lookup during section merges when entsize does not divide the size. This can allow remote DoS via specially crafted ELF (as demonstrated by ld). Affected products reference Binutils 2.31;...
CVE-2022-48063
The connected sources confirm CVE-2022-48063 affects GNU Binutils prior to 2.40. The vulnerability is an excessive memory consumption issue in the load_separate_debug_files function (dwarf2.c). An attacker could create a crafted ELF file to trigger a DNS-based denial of service. Impact is limited...
CVE-2025-1153
GNU Binutils 2.43/2.44 contains a memory-corruption vulnerability in bfd_set_format within format.c. The issue can be triggered remotely; attack complexity is high and no privileges are required. A fix is available in Binutils 2.45, with patch identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. ...
CVE-2018-17360
The CVE-2018-17360 issue is a vulnerability in the GNU Binutils Binary File Descriptor (BFD) library (libbfd). Concrete details in connected documents show a heap-based buffer over-read in bfd_getl32() within libbfd.c, exploitable via a crafted PE file and triggerable by objdump. The Astra Linux ...
CVE-2018-18484
CVE-2018-18484 is a GNU Binutils stack exhaustion/denial-of-service in cp-demangle.c (C++ demangling) due to recursive stack usage. Public advisories (IBM Netezza Platform Software, IBM Netezza Analytics, Astra Linux bulletin) confirm the same root cause and list affected products and versions. I...
CVE-2021-20284
CVE-2021-20284 affects GNU Binutils (version 2.35.1) with a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section (elf.c) caused by incorrect calculation of the number of symbols. The vulnerability is described as having a highest impact on availability. The provided materials iden...
CVE-2020-16592
CVE-2020-16592 concerns a use-after-free in the Binary File Descriptor (libbfd) within GNU Binutils 2.34. The vulnerability is triggered in the function bfd_hash_lookup (as used by nm-new), leading to a denial of service via a crafted file. The connected documents identify the affected component ...
CVE-2023-25585
Binutils contains CVE-2023-25585: the file_table field of struct module *module is uninitialized, which may cause an application crash and local denial of service. This is corroborated by multiple connected advisories (Astra Linux, Alpine Linux, Debian Security Tracker, FreeBSD VuxML, and CVE rec...
CVE-2018-17985
CVE-2018-17985 is a stack consumption vulnerability in GNU Binutils (libiberty), observed in cp-demangle.c with cplus_demangle_type performing recursive calls when many 'P' characters occur. The Astra Linux advisory mirrors this description, noting the issue in Binutils 2.31. The provided documen...
CVE-2018-18607
CVE-2018-18607 is a NULL pointer dereference in elf_link_input_bfd (elfin GNU Binutils libbfd) when locating STT_TLS symbols without a TLS section. A crafted ELF can cause denial of service (DoS); impact is consistent with DoS in affected Binutils 2.31, including remote triggering via ld in demon...
CVE-2020-16599
CVE-2020-16599 concerns a NULL pointer dereference in the GNU Binutils library (libbfd) distributed with Binutils 2.35, specifically in _bfd_elf_get_symbol_version_string used by nm-new, which can cause a denial of service via a crafted ELF file. The connected Nessus entries note an “illegal memo...
CVE-2019-1010204
CVE-2019-1010204 affects GNU binutils, specifically the gold linker. The vulnerability arises from a combination of improper input validation , signed/unsigned comparison , and an out-of-bounds read in the code paths for gold/fileread.cc:497 and elfcpp/elfcpp_file.h:644. The documented impact is ...
CVE-2022-35205
CVE-2022-35205 concerns GNU Binutils, specifically the readelf tool in version 2.38.50. The issue is a reachable assertion failure in display_debug_names, which can be exploited to cause a denial of service. Multiple connected documents confirm this CVE and describe the affected component as part...
CVE-2018-18606
CVE-2018-18606 affects GNU Binutils (libbfd). The issue is a NULL pointer dereference in _bfd_add_merge_section during merging of sections with large alignments, enabling DoS via crafted ELF. Multiple vendors document this under Binutils remediation; confirmed fixes involve upgrading Binutils to ...
CVE-2018-20673
CVE-2018-20673 affects the GNU libiberty component (demangle_template() in cplus-dem.c) shipped with GNU Binutils 2.31.1, causing an integer overflow that can lead to a heap-based buffer overflow when creating an array for template argument values (as demonstrated by nm). Connected advisories ref...
CVE-2020-35496
CVE-2020-35496 describes a vulnerability in binutils’ bfd_pef_scan_start_address() that could trigger a NULL pointer dereference when processing a crafted file with the BFD/PEF code, impacting affected binutils versions prior to 2.34. The issue arises from a flaw in how the function handles dwarf...
CVE-2020-35493
CVE-2020-35493 is a Binutils vulnerability in bfd/pef.c that can cause a heap-based buffer overflow and an out-of-bounds read, potentially impacting availability. It affects binutils versions prior to 2.34. Remediation: upgrade Binutils to version 2.34 or newer (or apply vendor-specific patches i...
CVE-2025-3198
CVE-2025-3198 affects GNU Binutils 2.43/2.44, specifically the display_info function in binutils/bucomm.c used by objdump. The issue is a memory leak caused by the manipulation within display_info. Exploitation is described as local, with the exploit disclosure publicly available. A patch is iden...
CVE-2018-20002
CVE-2018-20002 affects GNU Binutils’ BFD library (libbfd); the _bfd_generic_read_minisymbols function leaks memory when processing crafted ELF files, causing DoS via memory consumption. Documented in multiple sources (Binutils 2.31, nm demonstration). Impact is a denial of service with potential ...
CVE-2019-9071
CVE-2019-9071 affects GNU Binutils’ libiberty component (cp-demangle.c, function d_count_templates_scopes) with a stack consumption/stack overflow vulnerability after deep recursion. Likely enables buffer overflow and remote code execution in affected contexts as described in multiple advisories....
CVE-2018-12641
CVE-2018-12641 affects GNU Binutils 2.30, causing stack exhaustion in the libiberty C++ demangling code (arm_pt in cplus-dem.c) during nm-new due to recursive stack frames (demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, demangle_nested_args). Th...
CVE-2017-15939
Technical details about CVE-2017-15939 are not provided in the connected documents. The initial note mentions a libbfd issue in Binutils but no specific products, versions, impact, or fixes are disclosed here. Monitor for updates.