15 matches found
CVE-2023-1972
CVE-2023-1972 is a memory corruption issue in GNU Binutils. The initial description confirms a potential heap-based buffer overflow in _bfd_elf_slurp_version_tables() within bfd/elf.c, which may lead to loss of availability. Connected documents specify affected package family as binutils and note...
CVE-2019-17450
CVE-2019-17450 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.32, where find_abstract_instance in dwarf2.c can cause infinite recursion and denial of service via a crafted ELF file. Public sources in connected documents indicate a remediation: upgrade Binutils to a patched version (e.g....
CVE-2021-20197
CVE-2021-20197 is a local race-condition vulnerability in GNU Binutils (affecting ar, objcopy, strip, ranlib) up to version 2.35. An unprivileged user can exploit a symlink-based race window when these tools run as a privileged user to gain ownership of arbitrary files. The provided documents con...
CVE-2019-17451
CVE-2019-17451 is a vulnerability in GNU Binutils 2.32 (libbfd) where an integer overflow in _bfd_dwarf2_find_nearest_line (dwarf2.c) can cause a SEGV. Affected products reference Binutils in various IBM Netezza/NPS advisories and Astra Linux; remediation is to upgrade to a newer Binutils version...
CVE-2018-10373
CVE-2018-10373 is a vulnerability in the GNU Binutils Binary File Descriptor library (libbfd), specifically in the function concat_filename() in dwarf2.c. The issue (present in Binutils 2.30) allows remote attackers to trigger a denial of service via a crafted binary file, caused by a NULL pointe...
CVE-2021-32256
CVE-2021-32256 is a stack-overflow in demangle_type within GNU libiberty (as distributed in GNU Binutils 2.36). It affects Binutils/libiberty components (e.g., gcc/gdb contexts linked to Binutils) and can lead to denial of service via stack overflow. Connected records confirm a patched version is...
CVE-2020-35494
CVE-2020-35494 targets GNU Binutils: a flaw in /opcodes/tic4x-dis.c can cause a denial of service via processing crafted input, due to use of uninitialized memory. Affected are binutils versions prior to 2.34. Impact is availability (partial confidentiality/none integrity per description). The co...
CVE-2018-17794
CVE-2018-17794 affects GNU Binutils/libiberty (cplus-dem.c) where a NULL pointer dereference in work_stuff_copy_to_from can be triggered when called from iterate_demangle_function. The issue is tied to Binutils 2.31; the provided documents describe the vulnerability and target the demangling work...
CVE-2017-12967
CVE-2017-12967 involves the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29. The getsym function in tekhex.c may be triggered by a malformed tekhex binary, allowing a remote attacker to cause a denial of service via a stack-based buffer over-read and resulting in an application...
CVE-2018-20712
CVE-2018-20712 : A heap-based buffer over-read in d_expression_1 (cp-demangle.c) of GNU libiberty, distributed with GNU Binutils 2.31.1, can cause segmentation faults and denial-of-service as shown by c++filt. Connected sources confirm the same flaw and tie it to GNU Binutils components used by b...
CVE-2025-1178
CVE-2025-1178 affects GNU Binutils 2.43, specifically the ld component’s libbfd.c function bfd_putl64, where memory corruption is triggered. The issue can be exploited remotely with high attack complexity, and the exploit has been disclosed publicly. A patch identifier 75086e9de1707281172cc77f178...
CVE-2025-69652
GNU Binutils readelf (up to version 2.46) contains a vulnerability when processing crafted ELF binaries with malformed DWARF/debug info. Root cause: incomplete cleanup in process_debug_info can leave invalid debug_info_p state, causing a fatal abort in byte_get_little_endian() for certain zero-le...
CVE-2026-4647
The CVE-2026-4647 issue affects the GNU Binutils BFD library when handling XCOFF object files. A relocation type value is not properly validated before use, allowing an out-of-bounds read. This can cause tools that process XCOFF binaries to crash or expose unintended memory contents, leading to d...
CVE-2025-69648
CVE-2025-69648 affects GNU Binutils readelf (up to 2.45.1) and related mingw-binutils packages. The issue is a logic flaw in the DWARF parser when handling crafted binaries with malformed .debug_rnglists data, causing readelf to print the same warning in a loop and not make forward progress, resu...
CVE-2025-69647
CVE-2025-69647 affects GNU Binutils readelf before or up to 2.45.1. A logic flaw in the DWARF loclists parser can cause readelf to loop indefinitely while processing a crafted binary, consuming CPU and I/O and effectively denying analysis progress. This is triggered by a malicious input file and ...