Lucene search
K
GnuBinutils

124 matches found

CVE
CVE
added 2022/08/25 12:0 a.m.500 views

CVE-2022-38533

CVE-2022-38533 affects GNU binutils prior to 2.40. A heap-buffer-overflow in the error function bfd_getl32, triggered when binutils is used by strip-new/strip_main on a crafted file, can lead to a crash and, in some disclosures, potential code execution. The issue is documented across multiple co...

5.5CVSS5.3AI score0.00311EPSS
CVE
CVE
added 2019/07/24 3:30 a.m.376 views

CVE-2019-14250

The CVE-2019-14250 entry affects GNU Binutils (libiberty) and is caused by an missing check for a zero shstrndx in simple-object-elf.c: simple_object_elf_match can overflow memory, causing a heap-based buffer overflow. Affected component: GNU Binutils/libiberty. Root cause: integer overflow from ...

5.5CVSS6.4AI score0.02317EPSS
CVE
CVE
added 2018/03/22 9:0 p.m.275 views

CVE-2018-8945

CVE-2018-8945 affects the Binary File Descriptor library (libbfd) within GNU Binutils 2.30. The bfd_section_from_shdr function can be triggered by a crafted attribute section in an ELF file, causing a remote denial of service (segmentation fault). Public advisories and CVE lists (CentOS/CESA, Gen...

5.5CVSS5.9AI score0.02057EPSS
CVE
CVE
added 2018/02/28 9:0 p.m.257 views

CVE-2018-7568

CVE-2018-7568 affects the GNU Binutils libbfd component; specifically, an integer wraparound/overflow in the parse_die path (dwarf1.c) when processing ELF files with corrupted DWARF debug info, potentially allowing a remote attacker to crash the application (denial of service). Several connected ...

5.5CVSS6.1AI score0.01961EPSS
CVE
CVE
added 2018/02/28 9:0 p.m.248 views

CVE-2018-7569

CVE-2018-7569 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30 and earlier. The flaw resides in dwarf2.c where a crafted ELF file containing a corrupted DWARF FORM block can trigger an integer underflow/overflow, leading to a denial of service (application crash). Th...

5.5CVSS6AI score0.02085EPSS
CVE
CVE
added 2018/03/02 3:0 p.m.248 views

CVE-2018-7642

Summary: CVE-2018-7642 affects the GNU Binutils Binary File Descriptor library (libbfd) in the aoutx.h path, with a vulnerability in swap_std_reloc_in that can trigger a NULL pointer dereference when processing crafted ELF files, causing a denial of service. The vulnerability is evidenced in mult...

5.5CVSS5.8AI score0.01918EPSS
CVE
CVE
added 2019/02/24 12:0 a.m.218 views

CVE-2019-9074

CVE-2019-9074 affects the GNU Binutils Binary File Descriptor library (libbfd) bundled in Binutils 2.32. It is an out-of-bounds read in bfd_getl32 called from pei-x86_64.c, leading to a SEGV. Several connected advisories confirm impact on local attackers via crafted ELF/PE files and DoS, with pos...

5.5CVSS5.9AI score0.01569EPSS
CVE
CVE
added 2019/01/01 4:0 p.m.209 views

CVE-2018-20651

CVE-2018-20651 is a vulnerability in GNU Binutils (libbfd) where a NULL pointer is dereferenced in elf_link_add_object_symbols (elflink.c) when processing a crafted ET_DYN ELF without program headers. This leads to denial of service and is described as remote-exploit in ld. Connected advisories (...

5.5CVSS6AI score0.02247EPSS
CVE
CVE
added 2019/06/26 1:27 p.m.209 views

CVE-2019-12972

CVE-2019-12972 is a heap-based buffer over-read in the Binary File Descriptor (BFD) library (libbfd) distributed with GNU Binutils 2.32. The vulnerability arises in _bfd_doprnt in bfd.c where elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' ...

5.5CVSS6.2AI score0.01802EPSS
CVE
CVE
added 2023/01/27 12:0 a.m.200 views

CVE-2022-4285

CVE-2022-4285 is a memory access flaw in GNU binutils that can cause a denial of service when parsing an ELF file with corrupt symbol version information. It stems from an incomplete fix for CVE-2020-16599. Multiple sources (including AlmaLinux advisories and Broadcom/Brocade disclosures referenc...

5.5CVSS5.6AI score0.00437EPSS
CVE
CVE
added 2018/12/31 7:0 p.m.198 views

CVE-2018-20623

CVE-2018-20623 affects GNU Binutils 2.31.1. A use-after-free in elfcomm.c: error() when called from readelf.c:process_archive via a crafted ELF can cause a crash. This is echoed in the Astra Linux bulletin. No exploitation details or patch/version fixes are provided in the supplied documents; rem...

5.5CVSS5.9AI score0.01817EPSS
CVE
CVE
added 2018/02/06 8:0 p.m.194 views

CVE-2018-6759

CVE-2018-6759 affects GNU Binutils libbfd (BFD) in Binutils 2.30. The bfd_get_debug_link_info_1 function in opncls.c uses an unchecked strnlen, enabling remote-crafted ELF files to trigger a denial of service (segmentation fault). Remediation per vendor advisories is to upgrade Binutils to a newe...

5.5CVSS5.7AI score0.02131EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.194 views

CVE-2022-48064

CVE-2022-48064 affects GNU Binutils up to version 2.40, where an excessive memory consumption vulnerability in bfd_dwarf2_find_nearest_line_with_alt (dwarf2.c) can be triggered by a crafted ELF file, enabling a remote attacker to cause a DNS attack. IBM/Red Hat/Amazon advisories indicate this req...

5.5CVSS6AI score0.0059EPSS
CVE
CVE
added 2019/07/30 12:5 p.m.193 views

CVE-2019-14444

CVE-2019-14444: GNU Binutils 2.32 contains an integer overflow in readelf/elfcomm.c (byte_put_little_endian) that can trigger a denial of service via crafted ELF files. IBM Netezza products have addressed this by upgrading Binutils; remediation patches include Netezza Analytics 3.3.8 (and related...

5.5CVSS6.2AI score0.01481EPSS
CVE
CVE
added 2018/02/28 9:0 p.m.192 views

CVE-2018-7570

CVE-2018-7570 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.30, where assign_file_positions_for_non_load_sections in elf.c can cause a NULL pointer dereference/DoS when processing an ELF with a RELRO segment lacking a matching LOAD. Exploitation details are not provided in the document...

5.5CVSS5.9AI score0.01508EPSS
CVE
CVE
added 2018/04/29 3:0 p.m.191 views

CVE-2018-10535

CVE-2018-10535 affects GNU Binutils’ libbfd (ignore_section_sym in elf.c) where a symtab entry with a SECTION type and value 0 can lead to a NULL pointer dereference and crash via a crafted file (e.g., objcopy). The issue is reported for Binutils 2.30 with a vulnerable path in ignore_section_sym ...

5.5CVSS5.8AI score0.02236EPSS
CVE
CVE
added 2018/12/07 7:0 a.m.190 views

CVE-2018-19932

CVE-2018-19932 affects GNU Binutils libbfd. The issue is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. Public docs describe it as a vulnerability in binutils through 2.31 with potential stability/denial effects; remediation quoted in connected sources is ...

5.5CVSS6.3AI score0.01977EPSS
CVE
CVE
added 2018/04/25 9:0 a.m.188 views

CVE-2018-10372

GNU Binutils 2.30 contains a heap-based buffer over-read in process_cu_tu_index (dwarf.c) that can be triggered by processing a crafted binary file (e.g., via readelf), leading to denial of service. The issue affects Binutils 2.30 as distributed in affected builds and has been addressed in later ...

5.5CVSS5.9AI score0.02412EPSS
CVE
CVE
added 2021/01/04 2:24 p.m.188 views

CVE-2020-35507

CVE-2020-35507 (binutils) concerns a NULL pointer dereference in bfd_pef_parse_function_stubs in bfd/pef.c when processing crafted files with objdump, affecting versions prior to 2.34. This is a Binutils issue that can impact availability. The Astra Linux security bulletin mirrors this flaw and c...

5.5CVSS5.7AI score0.01234EPSS
CVE
CVE
added 2018/02/09 6:0 a.m.187 views

CVE-2018-6872

CVE-2018-6872 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30. The vulnerability is in the function elf_parse_notes (elf.c) and allows a remote attacker to cause a denial of service via an out-of-bounds read leading to segmentation fault when processing a note with ...

5.5CVSS5.8AI score0.02209EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.186 views

CVE-2022-48065

CVE-2022-48065 affects GNU Binutils up to version 2.39.x (before 2.40). The vulnerability is a memory leak in the function find_abstract_instance in the file dwarf2.c . The issue can lead to increased memory consumption and, as reported in sources, potential crashes. The connected documents consi...

5.5CVSS6.1AI score0.00654EPSS
CVE
CVE
added 2018/07/01 4:0 p.m.185 views

CVE-2018-13033

CVE-2018-13033 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.30, enabling an attacker to cause a denial of service (excessive memory allocation and crash) via a crafted ELF file during nm execution. Connected advisories confirm a fix path through updates to binutils ...

5.5CVSS5.8AI score0.03095EPSS
CVE
CVE
added 2018/04/29 3:0 p.m.181 views

CVE-2018-10534

CVE-2018-10534 is a vulnerability in GNU Binutils’ Binary File Descriptor library (libbfd). The issue arises in the function sequence involving the _bfd_XX_bfd_copy_private_bfd_data_common routine (peXXigen.c) when processing a negative Data Directory size, which enters an unbounded loop and expa...

5.5CVSS6.1AI score0.01886EPSS
CVE
CVE
added 2023/09/14 8:47 p.m.179 views

CVE-2023-25588

CVE-2023-25588 affects GNU Binutils: the the_bfd field of the asymbol struct is uninitialized in bfd_mach_o_get_synthetic_symtab, potentially causing a crash and local denial of service. Exploitation details are not provided in the documents reviewed here. Several advisories reference this CVE am...

5.5CVSS5.3AI score0.00375EPSS
CVE
CVE
added 2019/01/04 4:0 p.m.178 views

CVE-2018-20671

CVE-2018-20671 affects GNU Binutils up to version 2.31.1, where load_specific_debug_section in objdump.c may overflow an integer, triggering a heap-based buffer overflow via a crafted section size. Connected docs confirm the same description in Astra Linux security bulletin and related advisories...

5.5CVSS6.2AI score0.01973EPSS
CVE
CVE
added 2018/09/23 6:0 p.m.175 views

CVE-2018-17359

CVE-2018-17359 affects the GNU Binutils Binary File Descriptor (BFD) library (libbfd). The issue is an invalid memory access in bfd_zalloc within opncls.c that can be triggered by a crafted ELF file, leading to a denial of service (application crash). Affected component: GNU Binutils (libbfd) as ...

5.5CVSS5.7AI score0.01284EPSS
CVE
CVE
added 2018/09/23 6:0 p.m.174 views

CVE-2018-17358

CVE-2018-17358 : A vulnerability in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.31 allows an invalid memory access in _bfd_stab_section_find_nearest_line (syms.c). This can be triggered by processing a crafted ELF file and may cause an application crash (DoS...

5.5CVSS5.7AI score0.01326EPSS
CVE
CVE
added 2018/10/15 2:0 a.m.174 views

CVE-2018-18309

CVE-2018-18309 affects the GNU Binutils Binary File Descriptor library (libbfd) as distributed with Binutils 2.31. The issue is an invalid memory address dereference in read_reloc (reloc.c) that can cause a segmentation fault and application crash, leading to denial of service due to missing boun...

5.5CVSS6AI score0.0182EPSS
CVE
CVE
added 2018/10/23 5:0 p.m.174 views

CVE-2018-18605

CVE-2018-18605 affects GNU Binutils libbfd (BFD) where a heap-based buffer over-read occurs in sec_merge_hash_lookup during section merges when entsize does not divide the size. This can allow remote DoS via specially crafted ELF (as demonstrated by ld). Affected products reference Binutils 2.31;...

5.5CVSS6.1AI score0.0232EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.174 views

CVE-2022-48063

The connected sources confirm CVE-2022-48063 affects GNU Binutils prior to 2.40. The vulnerability is an excessive memory consumption issue in the load_separate_debug_files function (dwarf2.c). An attacker could create a crafted ELF file to trigger a DNS-based denial of service. Impact is limited...

5.5CVSS6AI score0.00483EPSS
CVE
CVE
added 2025/02/10 7:0 p.m.173 views

CVE-2025-1153

GNU Binutils 2.43/2.44 contains a memory-corruption vulnerability in bfd_set_format within format.c. The issue can be triggered remotely; attack complexity is high and no privileges are required. A fix is available in Binutils 2.45, with patch identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. ...

5.9CVSS3.6AI score0.01331EPSS
CVE
CVE
added 2018/09/23 6:0 p.m.172 views

CVE-2018-17360

The CVE-2018-17360 issue is a vulnerability in the GNU Binutils Binary File Descriptor (BFD) library (libbfd). Concrete details in connected documents show a heap-based buffer over-read in bfd_getl32() within libbfd.c, exploitable via a crafted PE file and triggerable by objdump. The Astra Linux ...

5.5CVSS5.8AI score0.01341EPSS
CVE
CVE
added 2018/10/18 8:0 p.m.172 views

CVE-2018-18484

CVE-2018-18484 is a GNU Binutils stack exhaustion/denial-of-service in cp-demangle.c (C++ demangling) due to recursive stack usage. Public advisories (IBM Netezza Platform Software, IBM Netezza Analytics, Astra Linux bulletin) confirm the same root cause and list affected products and versions. I...

5.5CVSS6AI score0.01884EPSS
CVE
CVE
added 2021/03/26 4:39 p.m.172 views

CVE-2021-20284

CVE-2021-20284 affects GNU Binutils (version 2.35.1) with a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section (elf.c) caused by incorrect calculation of the number of symbols. The vulnerability is described as having a highest impact on availability. The provided materials iden...

5.5CVSS6AI score0.01287EPSS
CVE
CVE
added 2020/12/09 9:5 p.m.170 views

CVE-2020-16592

CVE-2020-16592 concerns a use-after-free in the Binary File Descriptor (libbfd) within GNU Binutils 2.34. The vulnerability is triggered in the function bfd_hash_lookup (as used by nm-new), leading to a denial of service via a crafted file. The connected documents identify the affected component ...

5.5CVSS5.5AI score0.01046EPSS
CVE
CVE
added 2023/09/14 8:50 p.m.170 views

CVE-2023-25585

Binutils contains CVE-2023-25585: the file_table field of struct module *module is uninitialized, which may cause an application crash and local denial of service. This is corroborated by multiple connected advisories (Astra Linux, Alpine Linux, Debian Security Tracker, FreeBSD VuxML, and CVE rec...

5.5CVSS5.6AI score0.00376EPSS
CVE
CVE
added 2018/10/04 11:0 p.m.169 views

CVE-2018-17985

CVE-2018-17985 is a stack consumption vulnerability in GNU Binutils (libiberty), observed in cp-demangle.c with cplus_demangle_type performing recursive calls when many 'P' characters occur. The Astra Linux advisory mirrors this description, noting the issue in Binutils 2.31. The provided documen...

5.5CVSS6AI score0.01291EPSS
CVE
CVE
added 2018/10/23 5:0 p.m.169 views

CVE-2018-18607

CVE-2018-18607 is a NULL pointer dereference in elf_link_input_bfd (elfin GNU Binutils libbfd) when locating STT_TLS symbols without a TLS section. A crafted ELF can cause denial of service (DoS); impact is consistent with DoS in affected Binutils 2.31, including remote triggering via ld in demon...

5.5CVSS6AI score0.0232EPSS
CVE
CVE
added 2020/12/09 9:6 p.m.168 views

CVE-2020-16599

CVE-2020-16599 concerns a NULL pointer dereference in the GNU Binutils library (libbfd) distributed with Binutils 2.35, specifically in _bfd_elf_get_symbol_version_string used by nm-new, which can cause a denial of service via a crafted ELF file. The connected Nessus entries note an “illegal memo...

5.5CVSS5.4AI score0.01042EPSS
CVE
CVE
added 2019/07/23 1:39 p.m.162 views

CVE-2019-1010204

CVE-2019-1010204 affects GNU binutils, specifically the gold linker. The vulnerability arises from a combination of improper input validation , signed/unsigned comparison , and an out-of-bounds read in the code paths for gold/fileread.cc:497 and elfcpp/elfcpp_file.h:644. The documented impact is ...

5.5CVSS5.9AI score0.01115EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.162 views

CVE-2022-35205

CVE-2022-35205 concerns GNU Binutils, specifically the readelf tool in version 2.38.50. The issue is a reachable assertion failure in display_debug_names, which can be exploited to cause a denial of service. Multiple connected documents confirm this CVE and describe the affected component as part...

5.5CVSS6.3AI score0.00397EPSS
CVE
CVE
added 2018/10/23 5:0 p.m.160 views

CVE-2018-18606

CVE-2018-18606 affects GNU Binutils (libbfd). The issue is a NULL pointer dereference in _bfd_add_merge_section during merging of sections with large alignments, enabling DoS via crafted ELF. Multiple vendors document this under Binutils remediation; confirmed fixes involve upgrading Binutils to ...

5.5CVSS6AI score0.0232EPSS
CVE
CVE
added 2019/01/04 5:0 p.m.153 views

CVE-2018-20673

CVE-2018-20673 affects the GNU libiberty component (demangle_template() in cplus-dem.c) shipped with GNU Binutils 2.31.1, causing an integer overflow that can lead to a heap-based buffer overflow when creating an array for template argument values (as demonstrated by nm). Connected advisories ref...

5.5CVSS5.7AI score0.01637EPSS
CVE
CVE
added 2021/01/04 2:24 p.m.153 views

CVE-2020-35496

CVE-2020-35496 describes a vulnerability in binutils’ bfd_pef_scan_start_address() that could trigger a NULL pointer dereference when processing a crafted file with the BFD/PEF code, impacting affected binutils versions prior to 2.34. The issue arises from a flaw in how the function handles dwarf...

5.5CVSS5.5AI score0.01141EPSS
CVE
CVE
added 2021/01/04 2:22 p.m.150 views

CVE-2020-35493

CVE-2020-35493 is a Binutils vulnerability in bfd/pef.c that can cause a heap-based buffer overflow and an out-of-bounds read, potentially impacting availability. It affects binutils versions prior to 2.34. Remediation: upgrade Binutils to version 2.34 or newer (or apply vendor-specific patches i...

5.5CVSS5.8AI score0.01129EPSS
CVE
CVE
added 2025/04/04 1:31 a.m.147 views

CVE-2025-3198

CVE-2025-3198 affects GNU Binutils 2.43/2.44, specifically the display_info function in binutils/bucomm.c used by objdump. The issue is a memory leak caused by the manipulation within display_info. Exploitation is described as local, with the exploit disclosure publicly available. A patch is iden...

5.5CVSS7.1AI score0.00261EPSS
CVE
CVE
added 2018/12/10 2:0 a.m.144 views

CVE-2018-20002

CVE-2018-20002 affects GNU Binutils’ BFD library (libbfd); the _bfd_generic_read_minisymbols function leaks memory when processing crafted ELF files, causing DoS via memory consumption. Documented in multiple sources (Binutils 2.31, nm demonstration). Impact is a denial of service with potential ...

5.5CVSS5.7AI score0.01819EPSS
CVE
CVE
added 2018/06/22 12:0 p.m.136 views

CVE-2018-12641

CVE-2018-12641 affects GNU Binutils 2.30, causing stack exhaustion in the libiberty C++ demangling code (arm_pt in cplus-dem.c) during nm-new due to recursive stack frames (demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, demangle_nested_args). Th...

5.5CVSS6.1AI score0.02077EPSS
CVE
CVE
added 2019/02/24 12:0 a.m.136 views

CVE-2019-9071

CVE-2019-9071 affects GNU Binutils’ libiberty component (cp-demangle.c, function d_count_templates_scopes) with a stack consumption/stack overflow vulnerability after deep recursion. Likely enables buffer overflow and remote code execution in affected contexts as described in multiple advisories....

5.5CVSS6.1AI score0.01813EPSS
CVE
CVE
added 2017/10/27 9:0 p.m.129 views

CVE-2017-15939

Technical details about CVE-2017-15939 are not provided in the connected documents. The initial note mentions a libbfd issue in Binutils but no specific products, versions, impact, or fixes are disclosed here. Monitor for updates.

5.5CVSS5.8AI score0.01707EPSS
Total number of security vulnerabilities124