19 matches found
CVE-2019-14250
The CVE-2019-14250 entry affects GNU Binutils (libiberty) and is caused by an missing check for a zero shstrndx in simple-object-elf.c: simple_object_elf_match can overflow memory, causing a heap-based buffer overflow. Affected component: GNU Binutils/libiberty. Root cause: integer overflow from ...
CVE-2019-17450
CVE-2019-17450 affects GNU Binutils’ BFD library (libbfd) in Binutils 2.32, where find_abstract_instance in dwarf2.c can cause infinite recursion and denial of service via a crafted ELF file. Public sources in connected documents indicate a remediation: upgrade Binutils to a patched version (e.g....
CVE-2019-9075
CVE-2019-9075 affects GNU Binutils 2.32 (libbfd) with a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap (archive64.c). Multiple connected sources (Astra Linux, CNVD, Debian tracker, F5 advisory, Cloud Linux updates) confirm the vulnerability in the BFD library and describe potential...
CVE-2019-9074
CVE-2019-9074 affects the GNU Binutils Binary File Descriptor library (libbfd) bundled in Binutils 2.32. It is an out-of-bounds read in bfd_getl32 called from pei-x86_64.c, leading to a SEGV. Several connected advisories confirm impact on local attackers via crafted ELF/PE files and DoS, with pos...
CVE-2018-20651
CVE-2018-20651 is a vulnerability in GNU Binutils (libbfd) where a NULL pointer is dereferenced in elf_link_add_object_symbols (elflink.c) when processing a crafted ET_DYN ELF without program headers. This leads to denial of service and is described as remote-exploit in ld. Connected advisories (...
CVE-2019-12972
CVE-2019-12972 is a heap-based buffer over-read in the Binary File Descriptor (BFD) library (libbfd) distributed with GNU Binutils 2.32. The vulnerability arises in _bfd_doprnt in bfd.c where elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' ...
CVE-2019-17451
CVE-2019-17451 is a vulnerability in GNU Binutils 2.32 (libbfd) where an integer overflow in _bfd_dwarf2_find_nearest_line (dwarf2.c) can cause a SEGV. Affected products reference Binutils in various IBM Netezza/NPS advisories and Astra Linux; remediation is to upgrade to a newer Binutils version...
CVE-2019-9077
CVE-2019-9077 : GNU Binutils 2.32 contains a heap-based buffer overflow in readelf.c (process_mips_specific) triggered by a malformed MIPS option section. Public sources describe potential outcomes as arbitrary code execution or denial of service. Affected users should upgrade Binutils to a non-v...
CVE-2019-14444
CVE-2019-14444: GNU Binutils 2.32 contains an integer overflow in readelf/elfcomm.c (byte_put_little_endian) that can trigger a denial of service via crafted ELF files. IBM Netezza products have addressed this by upgrading Binutils; remediation patches include Netezza Analytics 3.3.8 (and related...
CVE-2018-20671
CVE-2018-20671 affects GNU Binutils up to version 2.31.1, where load_specific_debug_section in objdump.c may overflow an integer, triggering a heap-based buffer overflow via a crafted section size. Connected docs confirm the same description in Astra Linux security bulletin and related advisories...
CVE-2019-1010204
CVE-2019-1010204 affects GNU binutils, specifically the gold linker. The vulnerability arises from a combination of improper input validation , signed/unsigned comparison , and an out-of-bounds read in the code paths for gold/fileread.cc:497 and elfcpp/elfcpp_file.h:644. The documented impact is ...
CVE-2018-20673
CVE-2018-20673 affects the GNU libiberty component (demangle_template() in cplus-dem.c) shipped with GNU Binutils 2.31.1, causing an integer overflow that can lead to a heap-based buffer overflow when creating an array for template argument values (as demonstrated by nm). Connected advisories ref...
CVE-2019-9070
GNU Binutils (libiberty) vulnerability CVE-2019-9070: heap-based buffer over-read in d_expression_1 of cp-demangle.c after deep recursion, affecting Binutils prior to a patched release. Impact per sources includes potential code execution, information leakage, or DoS when processing crafted ELF i...
CVE-2019-9071
CVE-2019-9071 affects GNU Binutils’ libiberty component (cp-demangle.c, function d_count_templates_scopes) with a stack consumption/stack overflow vulnerability after deep recursion. Likely enables buffer overflow and remote code execution in affected contexts as described in multiple advisories....
CVE-2019-9073
CVE-2019-9073 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables (elf.c). This can impact availability (PARTIAL per CVSSv3), with local attack vector and no confidentiality/in...
CVE-2018-20657
CVE-2018-20657 affects GNU Binutils’ libiberty, specifically the demangle_template function in cplus-dem.c, distributed with Binutils 2.31.1. The issue is a memory leak triggered by crafted strings, causing a denial of service via memory consumption (as demonstrated by cxxfilt). Connected sources...
CVE-2019-9072
CVE-2019-9072 affects the GNU Binutils Binary File Descriptor library (libbfd) shipped with Binutils 2.32. The issue is an attempted excessive memory allocation in setup_group() within elf.c, which can enable a denial-of-service through memory exhaustion when processing ELF files. Public advisori...
CVE-2018-20712
CVE-2018-20712 : A heap-based buffer over-read in d_expression_1 (cp-demangle.c) of GNU libiberty, distributed with GNU Binutils 2.31.1, can cause segmentation faults and denial-of-service as shown by c++filt. Connected sources confirm the same flaw and tie it to GNU Binutils components used by b...
CVE-2019-9076
CVE-2019-9076: In GNU Binutils’ Binary File Descriptor library (libbfd) distributed with Binutils 2.32, elf_read_notes in elf.c permits an excessive memory allocation. Connected advisories document the vulnerability in Binutils 2.32 and reference downstream fixes. The EulerOS/Gentoo GLSA entries ...