Lucene search
K
GnuBinutils

121 matches found

CVE
CVE
•added 2023/04/03 12:0 a.m.•534 views

CVE-2023-1579

CVE-2023-1579 is a heap-based buffer overflow in GNU binutils’ binutils-gdb/bfd/libbfd.c (function bfd_getl64 ). The connected documents confirm this is triggered when processing input, enabling a potential local attacker to cause a crash or execute arbitrary code, as reflected by the CVSS vector...

7.8CVSS7.8AI score0.00486EPSS
CVE
CVE
•added 2018/02/18 4:0 a.m.•270 views

CVE-2018-7208

CVE-2018-7208 : In GNU Binutils libbfd (Binary File Descriptor) 2.30, coff_pointerize_aux() in coffgen.c does not validate an index, enabling a crafted COFF file to cause a denial of service (segmentation fault) or potentially other impact. Exploitation is demonstrated via COFF object handling (o...

7.8CVSS6.7AI score0.02256EPSS
CVE
CVE
•added 2018/03/02 3:0 p.m.•265 views

CVE-2018-7643

CVE-2018-7643 affects GNU Binutils 2.30. The vulnerability is caused by an integer overflow in display_debug_ranges in dwarf.c, enabling a remote attacker to cause a denial of service (crash) via a crafted ELF file (as shown by objdump). Related advisories in connected docs confirm impact in Binu...

7.8CVSS7.9AI score0.02367EPSS
CVE
CVE
•added 2018/12/20 5:0 p.m.•248 views

CVE-2018-1000876

The CVE-2018-1000876 vulnerability affects GNU binutils up to version 2.32 and earlier, with the flaw in the object dump and relocation code (objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) that can trigger an integer overflow leading to a heap overflow. This could all...

7.8CVSS7.9AI score0.00656EPSS
CVE
CVE
•added 2019/02/24 12:0 a.m.•246 views

CVE-2019-9075

CVE-2019-9075 affects GNU Binutils 2.32 (libbfd) with a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (archive64.c). Multiple connected sources (Astra Linux, CNVD, Debian tracker, F5 advisory, Cloud Linux updates) confirm the vulnerability in the BFD library and describe potential...

7.8CVSS7.7AI score0.01697EPSS
CVE
CVE
•added 2018/12/07 7:0 a.m.•234 views

CVE-2018-19931

CVE-2018-19931 affects the GNU Binutils Binary File Descriptor library (libbfd) as shipped in Binutils

7.8CVSS7.7AI score0.01606EPSS
CVE
CVE
•added 2018/02/02 9:0 a.m.•207 views

CVE-2018-6543

CVE-2018-6543 affects GNU Binutils 2.30. The issue is an integer overflow in load_specific_debug_section() in objdump.c, which can cause malloc() with a size of 0 for crafted ELF files. This can lead to a denial of service (application crash) and possibly other unmanaged effects when a victim ope...

7.8CVSS6.8AI score0.02329EPSS
CVE
CVE
•added 2019/02/24 12:0 a.m.•201 views

CVE-2019-9077

CVE-2019-9077 : GNU Binutils 2.32 contains a heap-based buffer overflow in readelf.c (process_mips_specific) triggered by a malformed MIPS option section. Public sources describe potential outcomes as arbitrary code execution or denial of service. Affected users should upgrade Binutils to a non-v...

7.8CVSS7.7AI score0.01976EPSS
CVE
CVE
•added 2021/12/15 7:37 p.m.•195 views

CVE-2021-45078

CVE-2021-45078 affects GNU Binutils (binutils) with a heap-based buffer overflow in the stab handling path (stab_xcoff_builtin_type / finish_stab in stabs.c). The issue is present in Binutils up to version 2.37; exploitation can cause a denial of service and potentially other impact as demonstrat...

7.8CVSS8.1AI score0.01312EPSS
CVE
CVE
•added 2018/01/26 8:0 a.m.•189 views

CVE-2018-6323

CVE-2018-6323 : In GNU Binutils’ libbfd, the elf_object_p function in elfcode.h contains an unsigned integer overflow due to missing use of bfd_size_type in multiplication. A crafted ELF file can remotely crash the application (DoS) or have unspecified other impact. This CVE is referenced in IBM ...

7.8CVSS6.8AI score0.05834EPSS
CVE
CVE
•added 2023/08/22 12:0 a.m.•177 views

CVE-2022-45703

CVE-2022-45703 is a heap buffer overflow in GNU binutils' readelf tool (readelf.c, display_debug_section) affecting readelf before 2.40. The vulnerability could lead to arbitrary code execution or a crash per the description; the issue is addressed by upgrading to binutils 2.40 or newer. Exploita...

7.8CVSS7.8AI score0.00513EPSS
CVE
CVE
•added 2023/08/22 12:0 a.m.•174 views

CVE-2022-44840

CVE-2022-44840: A heap/denial-of-service vulnerability in GNU Binutils readelf.c (find_section_in_set) affects readelf up to version before 2.40. A locally authenticated attacker could craft input to trigger a heap-based buffer overflow, potentially causing a crash or denial of service. Public de...

7.8CVSS7.7AI score0.00461EPSS
CVE
CVE
•added 2023/08/22 12:0 a.m.•173 views

CVE-2022-47673

CVE-2022-47673 concerns Binutils addr2line prior to 2.39.3, where parse_module contains multiple out-of-bounds reads that may cause a denial of service or other unspecified impacts. This vulnerability is consistently described across multiple connected sources as a Binutils addr2line issue with o...

7.8CVSS7.4AI score0.00434EPSS
CVE
CVE
•added 2018/10/18 8:0 p.m.•167 views

CVE-2018-18483

CVE-2018-18483 affects GNU Binutils (libiberty) get_count in cplus-dem.c, distributed with Binutils 2.31. The flaw allows a remote attacker to trigger a denial of service via a crafted string, due to an integer-overflow result used in a malloc call (as demonstrated by c++filt). Connected sources ...

7.8CVSS6.6AI score0.02458EPSS
CVE
CVE
•added 2014/12/09 10:52 p.m.•162 views

CVE-2014-8501

CVE-2014-8501 affects GNU binutils (2.24 and earlier) and was tied to handling of AOUT headers in PE executables, allowing remote denial of service (out-of-bounds write). Multiple distributions list binutils fixes (e.g., Debian, Fedora, CentOS) and note updates mitigating these issues by upgradin...

7.5CVSS8.2AI score0.0516EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•161 views

CVE-2017-16827

Technical details about CVE-2017-16827 are not included in the provided connected documents. Public details (affected product, impact, remediation) are not elaborated here beyond the initial description. Monitor for updates from official sources for specifics.

7.8CVSS7.8AI score0.01784EPSS
CVE
CVE
•added 2023/08/22 12:0 a.m.•161 views

CVE-2022-47695

GNU Binutils objdump before 2.39.3 is affected by CVE-2022-47695. The issue arises in bfd_mach_o_get_synthetic_symtab within match-o.c, enabling denial of service or other unspecified impacts. Affected product scope across multiple advisories references the binutils toolset (objdump) and confirms...

7.8CVSS7.3AI score0.00461EPSS
CVE
CVE
•added 2023/08/22 12:0 a.m.•156 views

CVE-2022-47696

CVE-2022-47696 is a vulnerability in GNU Binutils’ objdump prior to 2.39.3 where the function compare_symbols can be exploited to cause a denial of service and other unspecified impacts. The connected sources consistently describe this as a DoS in objdump and indicate the issue affects Binutils v...

7.8CVSS7.3AI score0.00404EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•155 views

CVE-2017-16828

CVE-2017-16828 affects GNU Binutils 2.29.1. The display_debug_frames function in dwarf.c can cause a denial of service via an integer overflow and heap-based buffer over-read when processing a crafted ELF file, related to print_debug_frame. Scope: vulnerable component is the Binutils package; imp...

7.8CVSS8AI score0.01792EPSS
CVE
CVE
•added 2021/04/29 12:0 a.m.•155 views

CVE-2021-20294

CVE-2021-20294 affects GNU Binutils readelf 2.35. Reading a crafted file can trigger a stack-based buffer overflow and an out-of-bounds write, with potential impact to confidentiality, integrity and availability. Exploitation details are present in a GitHub PoC (out-of-bounds write/stack overflow...

7.8CVSS7.4AI score0.03412EPSS
CVE
CVE
•added 2018/06/23 10:0 p.m.•152 views

CVE-2018-12697

CVE-2018-12697 is a NULL pointer dereference in GNU libiberty (work_stuff_copy_to_from in cplus-dem.c) as distributed with GNU Binutils 2.30, potentially triggered during objdump. The Connected documents confirm the vulnerability in Binutils’ libiberty, but do not provide a concrete fixed version...

7.5CVSS7.4AI score0.05229EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•151 views

CVE-2017-16829

Public details about CVE-2017-16829 are not present in the connected documents; the provided set does not include affected product versions, impact specifics, or remediation. Monitor for updates.

7.8CVSS6.5AI score0.01792EPSS
CVE
CVE
•added 2017/08/28 9:0 p.m.•149 views

CVE-2017-13716

The CVE-2017-13716 vulnerability affects the C++ demangler in cplus-dem.c (libiberty) as distributed in GNU Binutils 2.29. It allows remote attackers to trigger a denial of service through a crafted file, demonstrated via a call from the Binary File Descriptor (BFD) library. No remediation or pat...

7.1CVSS5.7AI score0.01399EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•149 views

CVE-2017-16826

CVE-2017-16826 affects GNU Binutils 2.29.1 (libbfd) via coff_slurp_line_table in coffcode.h. A crafted PE file can trigger an invalid memory access that may crash the application (DoS) and potentially other impact. The vulnerability is tied to the coff_slurp_line_table routine and the PE handling...

7.8CVSS7.8AI score0.01792EPSS
CVE
CVE
•added 2025/01/29 8:0 p.m.•143 views

CVE-2025-0840

CVE-2025-0840 affects GNU Binutils up to 2.43, targeting the function disassemble_bytes in binutils/objdump.c. The vulnerability arises from manipulating the argument buf, causing a stack-based buffer overflow. A remote attacker can exploit this, with attack complexity labeled as high and exploit...

7.5CVSS5.3AI score0.00732EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•142 views

CVE-2017-16832

CVE-2017-16832 affects the Binary File Descriptor library (libbfd) in GNU Binutils 2.29.1, specifically the pe_bfd_read_buildid function in peicode.h. The vulnerability arises because the data dictionary’s size and offset are not validated, which can be exploited by a crafted PE file to cause a d...

7.8CVSS7.1AI score0.01792EPSS
CVE
CVE
•added 2023/09/14 8:50 p.m.•142 views

CVE-2023-25584

CVE-2023-25584: An out-of-bounds read flaw exists in Binutils’ parse_module function (bfd/vms-alpha.c). Connected sources (Astra Linux bulletin and related entries) reiterate the same description, confirming a vulnerability in Binutils. Documented impact includes potential crashes and possible in...

7.1CVSS6.4AI score0.00379EPSS
CVE
CVE
•added 2017/12/04 8:0 a.m.•140 views

CVE-2017-17122

CVE-2017-17122 affects GNU Binutils 2.29.1 (dump_relocs_in_section in objdump.c). The vulnerability arises from not checking reloc count, enabling an integer overflow that can lead to excessive memory allocation or a heap-based buffer overflow when processing crafted PE files, potentially causing...

7.8CVSS6.8AI score0.01885EPSS
CVE
CVE
•added 2019/02/24 12:0 a.m.•139 views

CVE-2019-9070

GNU Binutils (libiberty) vulnerability CVE-2019-9070: heap-based buffer over-read in d_expression_1 of cp-demangle.c after deep recursion, affecting Binutils prior to a patched release. Impact per sources includes potential code execution, information leakage, or DoS when processing crafted ELF i...

7.8CVSS7.5AI score0.01802EPSS
CVE
CVE
•added 2021/05/26 8:41 p.m.•139 views

CVE-2021-3549

CVE-2021-3549 concerns GNU Binutils’ objdump with an out-of-bounds flaw in processing large sections via avr_elf32_load_records_from_section(), potentially causing a crash or memory corruption. Affected product: GNU binutils (objdump) version 2.36. Impact includes possible integrity and availabil...

7.1CVSS6.6AI score0.00974EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•136 views

CVE-2017-16830

CVE-2017-16830 affects GNU Binutils 2.29.1’s readelf component (readelf.c). The issue is that print_gnu_property_note does not have integer-overflow protection on 32-bit platforms, enabling a crafted ELF file to cause a denial of service (segmentation fault and crash) or possibly other impact. Th...

7.8CVSS7.8AI score0.02201EPSS
CVE
CVE
•added 2017/12/04 8:0 a.m.•135 views

CVE-2017-17124

The CVE-2017-17124 entry concerns GNU Binutils' Binary File Descriptor (libbfd) in Binutils 2.29.1. The _bfd_coff_read_string_table function in coffgen.c does not properly validate the size of the external string table, enabling a crafted COFF binary to cause denial of service through excessive m...

7.8CVSS6.8AI score0.01841EPSS
CVE
CVE
•added 2017/11/15 8:0 a.m.•133 views

CVE-2017-16831

CVE-2017-16831 affects coffgen.c in the Binary File Descriptor (BFD) library as distributed in GNU Binutils 2.29.1. The symbol count is not validated, enabling a crafted PE file to cause a denial of service via integer overflow and application crash, or excessive memory allocation. This entry des...

7.8CVSS7.9AI score0.01792EPSS
CVE
CVE
•added 2017/12/04 8:0 a.m.•123 views

CVE-2017-17121

CVE-2017-17121 affects the Binary File Descriptor (BFD) library in GNU Binutils 2.29.1. A COFF relocation that refers to a location beyond the end of the to-be-relocated section can trigger a memory access violation leading to a denial of service (memory corruption). Public details are drawn from...

7.8CVSS6.7AI score0.01702EPSS
CVE
CVE
•added 2014/12/09 10:52 p.m.•122 views

CVE-2014-8503

CVE-2014-8503 is a stack-based buffer overflow in the IHEX parser (ihex_scan in bfd/ihex.c) of GNU Binutils

7.5CVSS8.4AI score0.06202EPSS
CVE
CVE
•added 2021/06/02 2:31 p.m.•122 views

CVE-2021-3530

CVE-2021-3530 affects GNU Binutils 2.36 in rust-demangle.c (demangle_path). A crafted symbol can exhaust stack memory, causing a crash. Documented as fixed in subsequent binutils advisories (e.g., SUSE/SU advisories listing CVE-2021-3530 as fixed). No exploitation details are provided here; remed...

7.5CVSS7.2AI score0.024EPSS
CVE
CVE
•added 2017/12/04 8:0 a.m.•119 views

CVE-2017-17125

CVE-2017-17125 relates to GNU Binutils 2.29.1, where nm.c and objdump.c mishandle certain global symbols, causing a buffer over-read in _bfd_elf_get_symbol_version_string. This can lead to a denial of service (application crash) and may have unspecified other impact via a crafted ELF file. The de...

7.8CVSS7.1AI score0.01638EPSS
CVE
CVE
•added 2017/08/04 3:0 p.m.•117 views

CVE-2017-12452

CVE-2017-12452 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29 and earlier. The issue is in bfd_mach_o_i386_canonicalize_one_reloc (mach-o-i386.c) where crafted Mach-O files can trigger an out-of-bounds heap read, potentially enabling remote impact when processing M...

7.8CVSS5.9AI score0.01493EPSS
CVE
CVE
•added 2023/08/22 12:0 a.m.•117 views

CVE-2021-46174

CVE-2021-46174 is a heap-based buffer overflow in GNU Binutils objdump (function bfd_getl32). Multiple connected advisories reference the same issue, with descriptions asserting a heap overflow in Binutils objdump 3.37 and related components. The CVE is associated with potential denial-of-service...

7.5CVSS7.4AI score0.00698EPSS
CVE
CVE
•added 2017/10/29 5:0 p.m.•116 views

CVE-2017-15996

Technical details (affected product/version, root cause, exploit info, patch) for CVE-2017-15996 are not provided in the supplied documents. The description lists the vulnerability but contains no public vendor/version specifics or remediation here. Monitor for updates.

7.8CVSS7.9AI score0.02357EPSS
CVE
CVE
•added 2017/08/04 3:0 p.m.•115 views

CVE-2017-12451

CVE-2017-12451 affects the GNU Binutils libbfd prior to 2.30. The vulnerability is in the _bfd_xcoff_read_ar_hdr function (files coff-rs6000.c and coff64-rs6000.c) and can cause an out-of-bounds stack read when processing a crafted COFF image. This could enable a remote attacker to read memory vi...

7.8CVSS5.8AI score0.01493EPSS
CVE
CVE
•added 2014/12/09 10:52 p.m.•114 views

CVE-2014-8502

CVE-2014-8502 is a binutils/libbfd vulnerability affecting GNU Binutils 2.24 and earlier, where a heap-based buffer overflow in the pe_print_edata function (in binutils’ PE reader) could be triggered by a crafted PE export table, leading to a denial of service and potential further impact. Multip...

7.5CVSS8.5AI score0.04906EPSS
CVE
CVE
•added 2019/01/02 2:0 p.m.•114 views

CVE-2018-20657

CVE-2018-20657 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c, distributed with Binutils 2.31.1. The issue is a memory leak triggered by crafted strings, causing a denial of service via memory consumption (as demonstrated by cxxfilt). Connected sources...

7.5CVSS7AI score0.04037EPSS
CVE
CVE
•added 2017/06/19 4:0 a.m.•113 views

CVE-2017-9747

CVE-2017-9747 affects GNU Binutils 2.28 in the ieee_archive_p function (bfd/ieee.c). A crafted binary file can trigger a buffer overflow and application crash during objdump -D, causing a denial of service. The description notes this may be related to a compiler bug. Connected sources list the vu...

7.8CVSS7.3AI score0.07859EPSS
CVE
CVE
•added 2014/12/09 10:52 p.m.•112 views

CVE-2014-8485

CVE-2014-8485 concerns GNU Binutils’ libbfd (setup_group in bfd/elf.c). Affected: Binutils 2.24 and earlier. Issue: missing range checks in the ELF section group headers allow a remote attacker to crash the process or potentially execute arbitrary code. Impact: denial of service and possible code...

7.5CVSS8.7AI score0.07486EPSS
CVE
CVE
•added 2017/10/27 9:0 p.m.•112 views

CVE-2017-15938

CVE-2017-15938 affects the Binary File Descriptor (BFD) library (GNU Binutils 2.29). The flaw in dwarf2.c miscalculates DW_FORM_ref_addr die refs for relocatable objects, allowing a remote attacker to trigger a denial of service via an invalid memory read, leading to segmentation fault and applic...

7.5CVSS5.9AI score0.04726EPSS
CVE
CVE
•added 2017/08/10 6:0 p.m.•111 views

CVE-2017-12799

CVE-2017-12799 affects GNU Binutils (elf_read_notes function in bfd/elf.c, Binutils 2.29). A crafted binary file can trigger a denial of service via a buffer overflow, potentially causing an application crash or other impact. The connected documents corroborate the vulnerability is in the elf_rea...

7.8CVSS6.8AI score0.03283EPSS
CVE
CVE
•added 2021/11/18 9:11 p.m.•111 views

CVE-2021-37322

CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.

7.8CVSS7.6AI score0.00853EPSS
CVE
CVE
•added 2017/09/12 8:0 a.m.•110 views

CVE-2017-14333

CVE-2017-14333 affects GNU Binutils, specifically the readelf.c function process_version_sections. A crafted binary with invalid ent.vn_next can cause a denial of service (integer overflow and a long loop) during readelf -a. Exploitation requires local access and user interaction. The provided do...

7.8CVSS6.8AI score0.01206EPSS
CVE
CVE
•added 2017/06/19 4:0 a.m.•110 views

CVE-2017-9746

CVE-2017-9746 affects GNU Binutils 2.28: the disassemble_bytes function in objdump.c can be triggered by a crafted binary file executed with objdump -D, leading to a buffer overflow and application crash (DoS). Root cause is mishandling of rae insns printing for this file. It is described as a re...

7.8CVSS7AI score0.08544EPSS
Total number of security vulnerabilities121