106 matches found
CVE-2017-16827
Technical details about CVE-2017-16827 are not included in the provided connected documents. Public details (affected product, impact, remediation) are not elaborated here beyond the initial description. Monitor for updates from official sources for specifics.
CVE-2017-16828
CVE-2017-16828 affects GNU Binutils 2.29.1. The display_debug_frames function in dwarf.c can cause a denial of service via an integer overflow and heap-based buffer over-read when processing a crafted ELF file, related to print_debug_frame. Scope: vulnerable component is the Binutils package; imp...
CVE-2017-16829
Public details about CVE-2017-16829 are not present in the connected documents; the provided set does not include affected product versions, impact specifics, or remediation. Monitor for updates.
CVE-2017-13716
The CVE-2017-13716 vulnerability affects the C++ demangler in cplus-dem.c (libiberty) as distributed in GNU Binutils 2.29. It allows remote attackers to trigger a denial of service through a crafted file, demonstrated via a call from the Binary File Descriptor (BFD) library. No remediation or pat...
CVE-2017-16826
CVE-2017-16826 affects GNU Binutils 2.29.1 (libbfd) via coff_slurp_line_table in coffcode.h. A crafted PE file can trigger an invalid memory access that may crash the application (DoS) and potentially other impact. The vulnerability is tied to the coff_slurp_line_table routine and the PE handling...
CVE-2017-16832
CVE-2017-16832 affects the Binary File Descriptor library (libbfd) in GNU Binutils 2.29.1, specifically the pe_bfd_read_buildid function in peicode.h. The vulnerability arises because the data dictionary’s size and offset are not validated, which can be exploited by a crafted PE file to cause a d...
CVE-2017-17122
CVE-2017-17122 affects GNU Binutils 2.29.1 (dump_relocs_in_section in objdump.c). The vulnerability arises from not checking reloc count, enabling an integer overflow that can lead to excessive memory allocation or a heap-based buffer overflow when processing crafted PE files, potentially causing...
CVE-2014-9939
CVE-2014-9939 affects GNU Binutils where the ihex.c module contains a stack buffer overflow when printing bad bytes in Intel Hex objects. The advisory cites Binutils versions before 2.26 as vulnerable, with the flaw rooted in ihex.c and resulting in a stack-based overflow that can lead to a crash...
CVE-2017-16830
CVE-2017-16830 affects GNU Binutils 2.29.1’s readelf component (readelf.c). The issue is that print_gnu_property_note does not have integer-overflow protection on 32-bit platforms, enabling a crafted ELF file to cause a denial of service (segmentation fault and crash) or possibly other impact. Th...
CVE-2017-17124
The CVE-2017-17124 entry concerns GNU Binutils' Binary File Descriptor (libbfd) in Binutils 2.29.1. The _bfd_coff_read_string_table function in coffgen.c does not properly validate the size of the external string table, enabling a crafted COFF binary to cause denial of service through excessive m...
CVE-2017-16831
CVE-2017-16831 affects coffgen.c in the Binary File Descriptor (BFD) library as distributed in GNU Binutils 2.29.1. The symbol count is not validated, enabling a crafted PE file to cause a denial of service via integer overflow and application crash, or excessive memory allocation. This entry des...
CVE-2017-7614
CVE-2017-7614 affects GNU Binutils’ Binary File Descriptor library (libbfd). The issue is a NULL pointer dereference in elflink.c (described as a “member access within null pointer” UB) that could allow a remote attacker to crash the target program (denial of service). The description in connecte...
CVE-2017-15939
Technical details about CVE-2017-15939 are not provided in the connected documents. The initial note mentions a libbfd issue in Binutils but no specific products, versions, impact, or fixes are disclosed here. Monitor for updates.
CVE-2017-17121
CVE-2017-17121 affects the Binary File Descriptor (BFD) library in GNU Binutils 2.29.1. A COFF relocation that refers to a location beyond the end of the to-be-relocated section can trigger a memory access violation leading to a denial of service (memory corruption). Public details are drawn from...
CVE-2017-17125
CVE-2017-17125 relates to GNU Binutils 2.29.1, where nm.c and objdump.c mishandle certain global symbols, causing a buffer over-read in _bfd_elf_get_symbol_version_string. This can lead to a denial of service (application crash) and may have unspecified other impact via a crafted ELF file. The de...
CVE-2017-9038
CVE-2017-9038 affects GNU Binutils 2.28 and is a remote DoS via crafted ELF files, causing heap-based buffer over-read and crash. Root cause involves ARM unwind information with invalid word offsets and related code paths (byte_get_little_endian in elfcomm.c; get_unwind_section_word in readelf.c)...
CVE-2017-12452
CVE-2017-12452 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.29 and earlier. The issue is in bfd_mach_o_i386_canonicalize_one_reloc (mach-o-i386.c) where crafted Mach-O files can trigger an out-of-bounds heap read, potentially enabling remote impact when processing M...
CVE-2017-15996
Technical details (affected product/version, root cause, exploit info, patch) for CVE-2017-15996 are not provided in the supplied documents. The description lists the vulnerability but contains no public vendor/version specifics or remediation here. Monitor for updates.
CVE-2017-12451
CVE-2017-12451 affects the GNU Binutils libbfd prior to 2.30. The vulnerability is in the _bfd_xcoff_read_ar_hdr function (files coff-rs6000.c and coff64-rs6000.c) and can cause an out-of-bounds stack read when processing a crafted COFF image. This could enable a remote attacker to read memory vi...
CVE-2017-14129
CVE-2017-14129 : The read_section function in dwarf2.c of GNU Binutils’ libbfd (Binutils 2.29) is vulnerable to a heap-based buffer over-read in parse of crafted ELF files, enabling remote denial of service via crashing the application. The description explicitly ties the issue to Binutils 2.29 a...
CVE-2017-9747
CVE-2017-9747 affects GNU Binutils 2.28 in the ieee_archive_p function (bfd/ieee.c). A crafted binary file can trigger a buffer overflow and application crash during objdump -D, causing a denial of service. The description notes this may be related to a compiler bug. Connected sources list the vu...
CVE-2017-12799
CVE-2017-12799 affects GNU Binutils (elf_read_notes function in bfd/elf.c, Binutils 2.29). A crafted binary file can trigger a denial of service via a buffer overflow, potentially causing an application crash or other impact. The connected documents corroborate the vulnerability is in the elf_rea...
CVE-2017-15938
CVE-2017-15938 affects the Binary File Descriptor (BFD) library (GNU Binutils 2.29). The flaw in dwarf2.c miscalculates DW_FORM_ref_addr die refs for relocatable objects, allowing a remote attacker to trigger a denial of service via an invalid memory read, leading to segmentation fault and applic...
CVE-2017-14130
CVE-2017-14130 affects the Binary File Descriptor library (libbfd) as distributed in GNU Binutils 2.29. The vulnerability arises in the _bfd_elf_parse_attributes function within elf-attrs.c, where a crafted ELF file can trigger a heap-based buffer over-read, enabling a remote attacker to cause an...
CVE-2017-14333
CVE-2017-14333 affects GNU Binutils, specifically the readelf.c function process_version_sections. A crafted binary with invalid ent.vn_next can cause a denial of service (integer overflow and a long loop) during readelf -a. Exploitation requires local access and user interaction. The provided do...
CVE-2017-9746
CVE-2017-9746 affects GNU Binutils 2.28: the disassemble_bytes function in objdump.c can be triggered by a crafted binary file executed with objdump -D, leading to a buffer overflow and application crash (DoS). Root cause is mishandling of rae insns printing for this file. It is described as a re...
CVE-2017-14930
CVE-2017-14930 refers to a memory leak in decode_line_info (dwarf2.c) of the Binary File Descriptor (BFD) library used in GNU Binutils 2.29. The vulnerability allows a crafted ELF file to cause denial of service via memory consumption. The initial description provides the kernel flaw but does not...
CVE-2017-9748
Technical details for CVE-2017-9748 are not provided in the connected documents. No explicit affected product versions, exploitation status, or fixes are shown here; monitor for updates from vendors and security advisories.
CVE-2017-14940
CVE-2017-14940 affects GNU Binutils libbfd: the scan_unit_for_symbols function in dwarf2.c can dereference a NULL pointer when processing a crafted ELF file, enabling a remote attacker to cause a denial of service (application crash). The vulnerability is tied to Binutils 2.29; exploitation detai...
CVE-2017-14939
Technical details about CVE-2017-14939 are not provided in the supplied documents. Monitor for updates from vendors and advisories.
CVE-2017-15020
CVE-2017-15020 affects dwarf1.c in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.29. The root cause is pointer mismanagement in parse_die and parse_line_table, demonstrated by a parse_die heap-based buffer over-read via a crafted ELF file. Impact is a denial o...
CVE-2017-9040
Technical details about CVE-2017-9040 are not provided in the connected documents. No explicit product/version/fix data beyond the initial description is available here. Monitor for updates.
CVE-2017-9750
CVE-2017-9750 affects opcodes/rx-decode.opc in GNU Binutils 2.28. The vulnerability arises from missing bounds checks for certain scale arrays, enabling a crafted binary file to trigger a denial of service (buffer overflow and application crash) during objdump -D, with possible other impact. A co...
CVE-2017-14529
CVE-2017-14529 affects the Binary File Descriptor (BFD) library (libbfd) used by GNU Binutils 2.29. The vulnerability is in the pe_print_idata function in peXXigen.c, where HintName vector entries are mishandled, enabling a crafted PE file to trigger a heap-based buffer over-read and cause an app...
CVE-2017-14128
CVE-2017-14128 affects the GNU Binutils libbfd/Dwarf2 decoding: the decode_line_info function in dwarf2.c may be abused via a crafted ELF file to cause a heap-based buffer over-read and application crash (DENIAL OF SERVICE). Affected is Binutils 2.29 (BFD/libbfd). The provided documents do not sp...
CVE-2017-6966
Technical details for CVE-2017-6966 are not publicly available in the provided connected documents. The descriptions summarize a readelf/read-after-free in Binutils 2.28 MSP430 processing. No root-cause, affected versions, or fixes are specified here; monitor for updates.
CVE-2017-9041
Technical details for CVE-2017-9041 are not publicly provided in the connected documents. The materials reference Binutils 2.28 and MIPS GOT handling but do not specify affected versions beyond 2.28, exploit vectors, or fixes. Monitor for updates.
CVE-2017-9955
CVE-2017-9955 affects GNU Binutils 2.28 (libbfd) via the get_build_id function in opncls.c. A crafted file with a large size field relative to data can trigger a heap-based buffer over-read in objdump, leading to a denial of service. The initial description specifies Binutils 2.28 and a heap-base...
CVE-2017-9749
CVE-2017-9749 affects GNU Binutils 2.28. the vulnerable component is the regs macros in opcodes/bfin-dis.c. A crafted binary can be mishandled during objdump -D, causing a buffer overflow that may crash the application and potentially lead to unspecified impact. The description notes a remote att...
CVE-2017-7299
CVE-2017-7299 affects GNU Binutils 2.28’s Binary File Descriptor library (libbfd). The vulnerability arises when emitting relocations: bfd_elf_final_link in bfd/elflink.c reads the ELF reloc section header without validating the input file format, leading to an invalid read of size 8 and causing ...
CVE-2017-8396
CVE-2017-8396 affects the Binary File Descriptor (BFD) library (libbfd) in GNU Binutils 2.28. It allows an invalid read of size 1 due to reloc offset range tests not catching small negative offsets, causing crash in binary-analysis tools such as objdump. The vulnerability is tied to libbfd’s hand...
CVE-2017-9756
CVE-2017-9756 affects GNU Binutils 2.28. The vulnerability lies in the aarch64_ext_ldst_reglist function (opcodes/aarch64-dis.c) where mishandling of a crafted binary file during objdump -D can lead to a denial of service through a buffer overflow and application crash. This CVE is demonstrated v...
CVE-2017-14745
The CVE-2017-14745 vulnerability affects GNU Binutils’ Binary File Descriptor library (libbfd) in Binutils 2.29. The issue arises because the _get_synthetic_symtab functions treat -1 as a sorting count rather than an error flag, enabling crafted ELF files to trigger denial of service via an integ...
CVE-2017-15021
CVE-2017-15021 affects GNU Binutils’ Binary File Descriptor library (libbfd). The issue is in bfd_get_debug_link_info_1 (opncls.c) and arises from a crafted ELF file, enabling a heap-based buffer over-read that can crash the application. The description specifies Binutils 2.29 as affected; no exp...
CVE-2017-6969
CVE-2017-6969 affects readelf in GNU Binutils 2.28, describing a heap-based buffer over-read when processing corrupt RL78 binaries. Impact per sources: crashes and potential information leakage. Connected advisories (e.g., RH unpatched BINUTILS entries) list CVE-2017-6969 among vulnerabilities wi...
CVE-2017-7210
CVE-2017-7210 affects GNU Binutils 2.28. The objdump tool (and related Binutils components) is vulnerable to multiple heap-based buffer over-reads when processing crafted object files with corrupted STABS enum type strings, potentially causing a crash. The description indicates the vulnerability ...
CVE-2017-7225
CVE-2017-7225 affects GNU Binutils 2.28 (addr2line). The bug is a NULL pointer dereference triggered when both the main file name and directory name are empty, leading to an invalid write and a crash. The connected Nessus entries publicly document this exact description and note it as an unpatche...
CVE-2017-8421
The CVE-2017-8421 issue affects GNU Binutils' Binary File Descriptor (libbfd) component, specifically the coff_set_alignment_hook function in coffcode.h used with Binutils 2.28. It describes a memory leak vulnerability that can cause memory exhaustion in objdump when parsing a crafted PE file. Th...
CVE-2017-9744
Technical details for CVE-2017-9744 are not publicly available in the provided documents; monitor for updates.
CVE-2017-12456
CVE-2017-12456 affects GNU Binutils 2.29 and earlier. The read_symbol_stabs_debugging_info function in rddbg.c allows a remote attacker to cause an out-of-bounds heap read via a crafted binary file. This is documented in the connected Nessus/Red Hat entries, which explicitly list CVE-2017-12456 a...