121 matches found
CVE-2023-1579
CVE-2023-1579 is a heap-based buffer overflow in GNU binutils’ binutils-gdb/bfd/libbfd.c (function bfd_getl64 ). The connected documents confirm this is triggered when processing input, enabling a potential local attacker to cause a crash or execute arbitrary code, as reflected by the CVSS vector...
CVE-2018-7208
CVE-2018-7208 : In GNU Binutils libbfd (Binary File Descriptor) 2.30, coff_pointerize_aux() in coffgen.c does not validate an index, enabling a crafted COFF file to cause a denial of service (segmentation fault) or potentially other impact. Exploitation is demonstrated via COFF object handling (o...
CVE-2018-7643
CVE-2018-7643 affects GNU Binutils 2.30. The vulnerability is caused by an integer overflow in display_debug_ranges in dwarf.c, enabling a remote attacker to cause a denial of service (crash) via a crafted ELF file (as shown by objdump). Related advisories in connected docs confirm impact in Binu...
CVE-2018-1000876
The CVE-2018-1000876 vulnerability affects GNU binutils up to version 2.32 and earlier, with the flaw in the object dump and relocation code (objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc) that can trigger an integer overflow leading to a heap overflow. This could all...
CVE-2019-9075
CVE-2019-9075 affects GNU Binutils 2.32 (libbfd) with a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (archive64.c). Multiple connected sources (Astra Linux, CNVD, Debian tracker, F5 advisory, Cloud Linux updates) confirm the vulnerability in the BFD library and describe potential...
CVE-2018-19931
CVE-2018-19931 affects the GNU Binutils Binary File Descriptor library (libbfd) as shipped in Binutils
CVE-2018-6543
CVE-2018-6543 affects GNU Binutils 2.30. The issue is an integer overflow in load_specific_debug_section() in objdump.c, which can cause malloc() with a size of 0 for crafted ELF files. This can lead to a denial of service (application crash) and possibly other unmanaged effects when a victim ope...
CVE-2019-9077
CVE-2019-9077 : GNU Binutils 2.32 contains a heap-based buffer overflow in readelf.c (process_mips_specific) triggered by a malformed MIPS option section. Public sources describe potential outcomes as arbitrary code execution or denial of service. Affected users should upgrade Binutils to a non-v...
CVE-2021-45078
CVE-2021-45078 affects GNU Binutils (binutils) with a heap-based buffer overflow in the stab handling path (stab_xcoff_builtin_type / finish_stab in stabs.c). The issue is present in Binutils up to version 2.37; exploitation can cause a denial of service and potentially other impact as demonstrat...
CVE-2018-6323
CVE-2018-6323 : In GNU Binutils’ libbfd, the elf_object_p function in elfcode.h contains an unsigned integer overflow due to missing use of bfd_size_type in multiplication. A crafted ELF file can remotely crash the application (DoS) or have unspecified other impact. This CVE is referenced in IBM ...
CVE-2022-45703
CVE-2022-45703 is a heap buffer overflow in GNU binutils' readelf tool (readelf.c, display_debug_section) affecting readelf before 2.40. The vulnerability could lead to arbitrary code execution or a crash per the description; the issue is addressed by upgrading to binutils 2.40 or newer. Exploita...
CVE-2022-44840
CVE-2022-44840: A heap/denial-of-service vulnerability in GNU Binutils readelf.c (find_section_in_set) affects readelf up to version before 2.40. A locally authenticated attacker could craft input to trigger a heap-based buffer overflow, potentially causing a crash or denial of service. Public de...
CVE-2022-47673
CVE-2022-47673 concerns Binutils addr2line prior to 2.39.3, where parse_module contains multiple out-of-bounds reads that may cause a denial of service or other unspecified impacts. This vulnerability is consistently described across multiple connected sources as a Binutils addr2line issue with o...
CVE-2018-18483
CVE-2018-18483 affects GNU Binutils (libiberty) get_count in cplus-dem.c, distributed with Binutils 2.31. The flaw allows a remote attacker to trigger a denial of service via a crafted string, due to an integer-overflow result used in a malloc call (as demonstrated by c++filt). Connected sources ...
CVE-2014-8501
CVE-2014-8501 affects GNU binutils (2.24 and earlier) and was tied to handling of AOUT headers in PE executables, allowing remote denial of service (out-of-bounds write). Multiple distributions list binutils fixes (e.g., Debian, Fedora, CentOS) and note updates mitigating these issues by upgradin...
CVE-2017-16827
Technical details about CVE-2017-16827 are not included in the provided connected documents. Public details (affected product, impact, remediation) are not elaborated here beyond the initial description. Monitor for updates from official sources for specifics.
CVE-2022-47695
GNU Binutils objdump before 2.39.3 is affected by CVE-2022-47695. The issue arises in bfd_mach_o_get_synthetic_symtab within match-o.c, enabling denial of service or other unspecified impacts. Affected product scope across multiple advisories references the binutils toolset (objdump) and confirms...
CVE-2022-47696
CVE-2022-47696 is a vulnerability in GNU Binutils’ objdump prior to 2.39.3 where the function compare_symbols can be exploited to cause a denial of service and other unspecified impacts. The connected sources consistently describe this as a DoS in objdump and indicate the issue affects Binutils v...
CVE-2017-16828
CVE-2017-16828 affects GNU Binutils 2.29.1. The display_debug_frames function in dwarf.c can cause a denial of service via an integer overflow and heap-based buffer over-read when processing a crafted ELF file, related to print_debug_frame. Scope: vulnerable component is the Binutils package; imp...
CVE-2021-20294
CVE-2021-20294 affects GNU Binutils readelf 2.35. Reading a crafted file can trigger a stack-based buffer overflow and an out-of-bounds write, with potential impact to confidentiality, integrity and availability. Exploitation details are present in a GitHub PoC (out-of-bounds write/stack overflow...
CVE-2018-12697
CVE-2018-12697 is a NULL pointer dereference in GNU libiberty (work_stuff_copy_to_from in cplus-dem.c) as distributed with GNU Binutils 2.30, potentially triggered during objdump. The Connected documents confirm the vulnerability in Binutils’ libiberty, but do not provide a concrete fixed version...
CVE-2017-16829
Public details about CVE-2017-16829 are not present in the connected documents; the provided set does not include affected product versions, impact specifics, or remediation. Monitor for updates.
CVE-2017-13716
The CVE-2017-13716 vulnerability affects the C++ demangler in cplus-dem.c (libiberty) as distributed in GNU Binutils 2.29. It allows remote attackers to trigger a denial of service through a crafted file, demonstrated via a call from the Binary File Descriptor (BFD) library. No remediation or pat...
CVE-2017-16826
CVE-2017-16826 affects GNU Binutils 2.29.1 (libbfd) via coff_slurp_line_table in coffcode.h. A crafted PE file can trigger an invalid memory access that may crash the application (DoS) and potentially other impact. The vulnerability is tied to the coff_slurp_line_table routine and the PE handling...
CVE-2025-0840
CVE-2025-0840 affects GNU Binutils up to 2.43, targeting the function disassemble_bytes in binutils/objdump.c. The vulnerability arises from manipulating the argument buf, causing a stack-based buffer overflow. A remote attacker can exploit this, with attack complexity labeled as high and exploit...
CVE-2017-16832
CVE-2017-16832 affects the Binary File Descriptor library (libbfd) in GNU Binutils 2.29.1, specifically the pe_bfd_read_buildid function in peicode.h. The vulnerability arises because the data dictionary’s size and offset are not validated, which can be exploited by a crafted PE file to cause a d...
CVE-2023-25584
CVE-2023-25584: An out-of-bounds read flaw exists in Binutils’ parse_module function (bfd/vms-alpha.c). Connected sources (Astra Linux bulletin and related entries) reiterate the same description, confirming a vulnerability in Binutils. Documented impact includes potential crashes and possible in...
CVE-2017-17122
CVE-2017-17122 affects GNU Binutils 2.29.1 (dump_relocs_in_section in objdump.c). The vulnerability arises from not checking reloc count, enabling an integer overflow that can lead to excessive memory allocation or a heap-based buffer overflow when processing crafted PE files, potentially causing...
CVE-2019-9070
GNU Binutils (libiberty) vulnerability CVE-2019-9070: heap-based buffer over-read in d_expression_1 of cp-demangle.c after deep recursion, affecting Binutils prior to a patched release. Impact per sources includes potential code execution, information leakage, or DoS when processing crafted ELF i...
CVE-2021-3549
CVE-2021-3549 concerns GNU Binutils’ objdump with an out-of-bounds flaw in processing large sections via avr_elf32_load_records_from_section(), potentially causing a crash or memory corruption. Affected product: GNU binutils (objdump) version 2.36. Impact includes possible integrity and availabil...
CVE-2017-16830
CVE-2017-16830 affects GNU Binutils 2.29.1’s readelf component (readelf.c). The issue is that print_gnu_property_note does not have integer-overflow protection on 32-bit platforms, enabling a crafted ELF file to cause a denial of service (segmentation fault and crash) or possibly other impact. Th...
CVE-2017-17124
The CVE-2017-17124 entry concerns GNU Binutils' Binary File Descriptor (libbfd) in Binutils 2.29.1. The _bfd_coff_read_string_table function in coffgen.c does not properly validate the size of the external string table, enabling a crafted COFF binary to cause denial of service through excessive m...
CVE-2017-16831
CVE-2017-16831 affects coffgen.c in the Binary File Descriptor (BFD) library as distributed in GNU Binutils 2.29.1. The symbol count is not validated, enabling a crafted PE file to cause a denial of service via integer overflow and application crash, or excessive memory allocation. This entry des...
CVE-2017-17121
CVE-2017-17121 affects the Binary File Descriptor (BFD) library in GNU Binutils 2.29.1. A COFF relocation that refers to a location beyond the end of the to-be-relocated section can trigger a memory access violation leading to a denial of service (memory corruption). Public details are drawn from...
CVE-2014-8503
CVE-2014-8503 is a stack-based buffer overflow in the IHEX parser (ihex_scan in bfd/ihex.c) of GNU Binutils
CVE-2021-3530
CVE-2021-3530 affects GNU Binutils 2.36 in rust-demangle.c (demangle_path). A crafted symbol can exhaust stack memory, causing a crash. Documented as fixed in subsequent binutils advisories (e.g., SUSE/SU advisories listing CVE-2021-3530 as fixed). No exploitation details are provided here; remed...
CVE-2017-17125
CVE-2017-17125 relates to GNU Binutils 2.29.1, where nm.c and objdump.c mishandle certain global symbols, causing a buffer over-read in _bfd_elf_get_symbol_version_string. This can lead to a denial of service (application crash) and may have unspecified other impact via a crafted ELF file. The de...
CVE-2017-12452
CVE-2017-12452 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29 and earlier. The issue is in bfd_mach_o_i386_canonicalize_one_reloc (mach-o-i386.c) where crafted Mach-O files can trigger an out-of-bounds heap read, potentially enabling remote impact when processing M...
CVE-2021-46174
CVE-2021-46174 is a heap-based buffer overflow in GNU Binutils objdump (function bfd_getl32). Multiple connected advisories reference the same issue, with descriptions asserting a heap overflow in Binutils objdump 3.37 and related components. The CVE is associated with potential denial-of-service...
CVE-2017-15996
Technical details (affected product/version, root cause, exploit info, patch) for CVE-2017-15996 are not provided in the supplied documents. The description lists the vulnerability but contains no public vendor/version specifics or remediation here. Monitor for updates.
CVE-2017-12451
CVE-2017-12451 affects the GNU Binutils libbfd prior to 2.30. The vulnerability is in the _bfd_xcoff_read_ar_hdr function (files coff-rs6000.c and coff64-rs6000.c) and can cause an out-of-bounds stack read when processing a crafted COFF image. This could enable a remote attacker to read memory vi...
CVE-2014-8502
CVE-2014-8502 is a binutils/libbfd vulnerability affecting GNU Binutils 2.24 and earlier, where a heap-based buffer overflow in the pe_print_edata function (in binutils’ PE reader) could be triggered by a crafted PE export table, leading to a denial of service and potential further impact. Multip...
CVE-2018-20657
CVE-2018-20657 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c, distributed with Binutils 2.31.1. The issue is a memory leak triggered by crafted strings, causing a denial of service via memory consumption (as demonstrated by cxxfilt). Connected sources...
CVE-2017-9747
CVE-2017-9747 affects GNU Binutils 2.28 in the ieee_archive_p function (bfd/ieee.c). A crafted binary file can trigger a buffer overflow and application crash during objdump -D, causing a denial of service. The description notes this may be related to a compiler bug. Connected sources list the vu...
CVE-2014-8485
CVE-2014-8485 concerns GNU Binutils’ libbfd (setup_group in bfd/elf.c). Affected: Binutils 2.24 and earlier. Issue: missing range checks in the ELF section group headers allow a remote attacker to crash the process or potentially execute arbitrary code. Impact: denial of service and possible code...
CVE-2017-15938
CVE-2017-15938 affects the Binary File Descriptor (BFD) library (GNU Binutils 2.29). The flaw in dwarf2.c miscalculates DW_FORM_ref_addr die refs for relocatable objects, allowing a remote attacker to trigger a denial of service via an invalid memory read, leading to segmentation fault and applic...
CVE-2017-12799
CVE-2017-12799 affects GNU Binutils (elf_read_notes function in bfd/elf.c, Binutils 2.29). A crafted binary file can trigger a denial of service via a buffer overflow, potentially causing an application crash or other impact. The connected documents corroborate the vulnerability is in the elf_rea...
CVE-2021-37322
CVE-2021-37322 affects GCC c++filt v2.26; the vulnerability is a use-after-free in the cplus-dem.c component. Impact is described by CVSSv3 as High (local access, user interaction not required). Public remediation details are not provided in the supplied documents.
CVE-2017-14333
CVE-2017-14333 affects GNU Binutils, specifically the readelf.c function process_version_sections. A crafted binary with invalid ent.vn_next can cause a denial of service (integer overflow and a long loop) during readelf -a. Exploitation requires local access and user interaction. The provided do...
CVE-2017-9746
CVE-2017-9746 affects GNU Binutils 2.28: the disassemble_bytes function in objdump.c can be triggered by a crafted binary file executed with objdump -D, leading to a buffer overflow and application crash (DoS). Root cause is mishandling of rae insns printing for this file. It is described as a re...