45 matches found
CVE-2019-14249
CVE-2019-14249 affects libdwarf; the issue is in dwarf_elf_load_headers.c prior to 2019-07-05, where processing an ELF with a zero-size section group (SHT_GROUP) can cause a division by zero in dwarfdump, leading to DoS. Affected component is libdwarf; root cause is division by zero when loading ...
CVE-2020-27545
CVE-2020-27545 affects libdwarf: before 20201017 there is a one-byte out-of-bounds read caused by an invalid pointer dereference via an invalid line table in a crafted object. This can lead to a crash (DoS) and availability impact. The CVSS v3.1 base score is 6.5 (Medium); attack vector: Network,...
CVE-2020-28163
CVE-2020-28163 affects libdwarf prior to 20201201. A NULL pointer dereference in the dwarf_print_lines.c path occurs when a DWARF5 line-table header uses an invalid FORM for a pathname, leading to an application crash. Public vulnerability descriptions consistently cite this as the root cause; ex...
CVE-2024-2002
CVE-2024-2002 describes a double-free in libdwarf when processing a multiply-corrupted DWARF object, where an allocation may be freed twice, leading to unpredictable results. Multiple connected advisories (Red Hat, CBL Mariner, Tencent/TSSA, Azure Linux, etc.) confirm libdwarf as the vulnerable c...
CVE-2016-8681
CVE-2016-8681 affects libdwarf (dwarf_util.c, _dwarf_get_abbrev_for_code) in 2016-10-01 and earlier; vulnerable function can cause a denial of service via an out-of-bounds read when a crafted file is processed by dwarfdump. Multiple advisories note patch availability or versions less than 0.9.0-1...
CVE-2015-8750
CVE-2015-8750 affects the libdwarf component (up to and including 20151114) and is due to a NULL pointer dereference in a debug_abbrev section marked NOBITS inside an ELF file, which can enable a remote denial of service (crash). The provided documents consistently describe the vulnerability as a...
CVE-2022-39170
Summary: CVE-2022-39170 affects libdwarf. A double-free in the function _dwarf_exec_frame_instr (dwarf_frame.c) can lead to a crash or denial of service as described in vendor advisories. Connected sources indicate affected package libdwarf and remediation via updated packages (e.g., libdwarf 0.5...
CVE-2015-8538
CVE-2015-8538 affects libdwarf, specifically the dwarf_leb.c routine, allowing attackers to cause a denial of service (SIGSEGV). The connected sources confirm this is a DoS in libdwarf and reference multiple advisories; no concrete patch/version remediation details are provided in the supplied do...
CVE-2022-32200
CVE-2022-32200 affects libdwarf 0.4.0 and is caused by a heap-based buffer over-read in the function _dwarf_check_string_valid within dwarf_util.c . The vulnerability is documented with CVSS metrics (CVSSv2 base 6.8; CVSSv3.1 base 7.8) indicating partial confidentiality, integrity, and availabili...
CVE-2022-34299
CVE-2022-34299 affects libdwarf 0.4.0 with a heap-based buffer over-read in function dwarf_global_formref_b. The vulnerability can lead to a crash/denial of service as described by Red Hat and related sources. Several connected records indicate fixes for newer libdwarf versions (e.g., 0.4.2 in OS...
CVE-2016-5040
CVE-2016-5040 affects libdwarf; versions prior to 20160923 are vulnerable. A large length value in a compilation unit header allows remote out-of-bounds reads, leading to a denial of service (crash). The issue is mitigated by upgrading libdwarf to the 20160923 release or applying the vendor patch...
CVE-2016-5033
CVE-2016-5033 : The print_exprloc_content function in libdwarf before 20160923 allows a remote attacker to cause a denial of service via an out-of-bounds read when processing a crafted file. This is documented across multiple sources (NVD, OSV, and Nessus/NASL entries). The provided materials do ...
CVE-2016-5027
CVE-2016-5027 concerns a denial-of-service flaw in libdwarf, where an attacker can crash the process by feeding a crafted ELF file. The description explicitly states: “dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.” The conne...
CVE-2016-7510
CVE-2016-7510 affects libdwarf, specifically the read_line_table_program function in dwarf_line_table_reader_common.c, with the vulnerability dating to libdwarf before 20160923. A crafted input can trigger an out-of-bounds read, enabling remote denial of service. The issue is confirmed by connect...
CVE-2016-5028
CVE-2016-5028 affects libdwarf (print_frame_inst_bytes) and is described as a denial of service via a NULL pointer dereference when processing an object file with empty bss-like sections, using libdwarf prior to 20160923. Connected documents confirm the vulnerability exists in libdwarf and list a...
CVE-2016-9480
CVE-2016-9480 affects libdwarf, specifically the dwarf_util.c path, where a heap-based over-read vulnerability in a malformed DWARF file can lead to information disclosure or a denial of service. The issue is described as a Heap Buffer Over-read (DW201611-006) and is referenced in upstream adviso...
CVE-2016-5031
CVE-2016-5031 affects the libdwarf library. According to the connected sources, the vulnerability is a denial-of-service caused by an out-of-bounds read in the function print_frame_inst_bytes and related code paths. The issue is present in libdwarf before 2016-09-23, triggered by processing a cra...
CVE-2016-5036
CVE-2016-5036 affects libdwarf (dump_block in print_sections.c) and is exploitable remotely via crafted frame data to trigger an out-of-bounds read, causing denial of service. The vulnerability is tied to libdwarf versions before 2016-09-23 (the fix/version after this date is not specified in the...
CVE-2016-5041
CVE-2016-5041 concerns libdwarf. The vulnerability lies in the dwarf_macro5.c path (libdwarf) before 20160923, where a debugging information entry using DWARF5 and without a DW_AT_name can trigger a NULL pointer dereference, leading to a denial of service. The connected records (OSV, NVD, OpenVAS...
CVE-2016-9275
CVE-2016-9275 affects libdwarf. A heap-based buffer overflow in the _dwarf_skim_forms function (libdwarf/dwarf_macro5.c) could cause an out-of-bounds read and denial of service. The vulnerability is present in Libdwarf prior to 20161124; newer releases (20161124 and later) are expected to include...
CVE-2017-9053
An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function). This CVE is recorded as CVE-2017-9053. The provided documents desc...
CVE-2017-9055
CVE-2017-9055 affects libdwarf; a heap-based buffer over-read occurs in dwarf_formsdata() due to insufficient bounds checks in certain data types. Documented impact is memory read/read crashes; CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates a CRITICAL exposure. The connected sources do no...
CVE-2016-5030
CVE-2016-5030 affects libdwarf prior to 20160923. The vulnerability is a NULL pointer dereference in the _dwarf_calculate_info_section_end_ptr function, exploitable by processing a crafted file. Exploitation status and exact affected products beyond the library are not detailed in the provided do...
CVE-2016-5032
CVE-2016-5032 : In libdwarf, the function dwarf_get_xu_hash_entry (pre-2016-09-23) is vulnerable to a denial-of-service crash when processing a crafted file. This is consistently reported across sources (OSV/NVD/NASL references). No public exploitation details or patched versions are provided in ...
CVE-2016-5042
CVE-2016-5042 affects libdwarf. The vulnerable component is the function dwarf_get_aranges_list in libdwarf, with the issue present in versions before 20160923. A remote attacker can cause a denial of service (infinite loop and crash) by crafting a DWARF section. The provided connected documents ...
CVE-2016-7410
CVE-2016-7410 affects libdwarf (libdwarf 20160613) via a vulnerability in the _dwarf_read_loc_section function in dwarf_loc.c. A crafted file can trigger a denial of service (buffer over-read). The vulnerability is tied to reading the DWARF location section; no vendor patch/versions or remediatio...
CVE-2016-7511
CVE-2016-7511 describes an integer overflow in the dwarf_die_deliv.c of libdwarf 20160613 that can be triggered by a crafted file, allowing remote attackers to cause a denial of service (crash). The vulnerability is tied to the libdwarf project and specifically its handling of DWARF delivery in d...
CVE-2016-9276
The CVE-2016-9276 issue affects Libdwarf, where the function dwarf_get_aranges_list in dwarf_arrange.c handles DWARF aranges data in Libdwarf installations prior to 20161124. The vulnerability enables remote attackers to cause a denial of service via an out-of-bounds read in the affected code pat...
CVE-2014-9482
CVE-2014-9482 is a use-after-free vulnerability in libdwarf's dwarfdump (versions 20130126 through 20140805) that could allow a remote attacker to crash the program via a crafted ELF file. The connected documents confirm the affected component, the vulnerable function surface, and the impact (den...
CVE-2016-2091
The CVE-2016-2091 vulnerability affects libdwarf, specifically the dwarf_read_cie_fde_prefix function in dwarf_frame2.c. A crafted ELF object file can trigger a denial of service via an out-of-bounds read. Public disclosures in connected sources confirm this issue within libdwarf and note multipl...
CVE-2016-5029
CVE-2016-5029 affects libdwarf prior to 2016-09-23. A crafted DWARF file can trigger a denial of service via a NULL pointer dereference in create_fullest_file_path. Documented in multiple sources (NVD, OSV, OSV-UBUNTU, EulerOS notes) with the same root cause. Exploitation details are not elaborat...
CVE-2016-8679
CVE-2016-8679 affects the Libdwarf project. The issue is in the function _dwarf_get_size_of_val in libdwarf/dwarf_util.c, where calling dwarfdump on a crafted file can lead to an out-of-bounds read. Affected library version is Libdwarf before 20161124. The connected documents provide technical de...
CVE-2016-8680
CVE-2016-8680 concerns libdwarf’s dwarf_util.c: the function _dwarf_get_abbrev_for_code in libdwarf 20161001 and earlier may read out of bounds when invoked via dwarfdump on a crafted file, enabling a denial of service. Connected sources corroborate the issue across multiple advisories and OSV li...
CVE-2017-9054
CVE-2017-9054 describes a heap-based buffer over-read in libdwarf (disclosed as DW201703-002). The issue arises in the function _dwarf_decode_s_leb128_chk(), where a byte pointer is dereferenced before bounds checking, enabling reading beyond allocated memory. Affected component is libdwarf (libr...
CVE-2016-2050
CVE-2016-2050 affects libdwarf-20151114 (get_abbrev_array_info). A crafted ELF file can trigger an out-of-bounds write, enabling remote denial of service. Debian/Dwarfutils advisory DLA-669-1 notes this alongside other related CVEs and states fixes in version 20120410-2+deb7u2 for Debian 7; other...
CVE-2016-5038
CVE-2016-5038 affects libdwarf; the vulnerable component is the function dwarf_get_macro_startend_file in dwarf_macro5.c, with versions before 20160923. The issue arises from an out-of-bounds read triggered by a crafted string offset in .debug_str, enabling a remote attacker to cause a denial of ...
CVE-2017-9052
CVE-2017-9052 affects libdwarf (2017-03-21 release); a heap-based buffer over-read occurs in dwarf_formsdata() due to missing bounds checks in multiple spots and a dereference risk in dwarf_attr_list(). The issue is triggered by reading beyond allocated buffers, with potential impact to confident...
CVE-2016-5034
CVE-2016-5034 affects libdwarf (dwarf_elf_access.c) with an out-of-bounds write via a crafted ELF file, vulnerable in versions before 20160923. Remote denial of service is stated. Connected documents consistently describe this vulnerability as part of the libdwarf set of CVEs; no explicit patch v...
CVE-2016-5035
CVE-2016-5035 describes a vulnerability in libdwarf: the function _dwarf_read_line_table_header in dwarf_line_table_reader.c is vulnerable in versions before 20160923. A crafted file can trigger an out-of-bounds read, allowing remote attackers to cause a denial of service. The issue is documented...
CVE-2016-5037
CVE-2016-5037 affects libdwarf; the _dwarf_load_section function in libdwarf prior to 20160923 is vulnerable to remote exploitation via a crafted file, causing a denial of service through a NULL pointer dereference. Public docs provide CVSS scores (v2: 4.3; v3.1: 6.5) and confirm the vulnerabilit...
CVE-2016-5044
CVE-2016-5044 concerns the libdwarf project. The vulnerability resides in the WRITE_UNALIGNED function implemented in dwarf_elf_access.c, with builds prior to 20160923. A crafted DWARF section can trigger an out-of-bounds write, leading to a denial of service (crash). The description and multiple...
CVE-2016-5039
CVE-2016-5039 affects the libdwarf library: the get_attr_value function before 20160923 can be triggered by a crafted object with all-bits on to cause a denial of service via an out-of-bounds read. The description in the Initial document states this exact effect; the connected documents list mult...
CVE-2017-9998
CVE-2017-9998 concerns the libdwarf project. The vulnerability arises in the function _dwarf_decode_s_leb128_chk in dwarf_leb.c, with libdwarf versions affected up to 2017-06-28, allowing remote attackers to cause a denial of service (Segmentation fault) via a crafted file. Impact is a crash/DoS ...
CVE-2016-9558
The CVE-2016-9558 issue affects libdwarf: specifically the code in libdwarf/dwarf_leb.c and dwarfdump/print_frames.c. A crafted bit pattern in a signed leb number can trigger a negation overflow, exposed in libdwarf versions before 20161124. This is described as having unspecified impact for remo...
CVE-2016-5043
CVE-2016-5043 affects libdwarf’s dwarf_dealloc function. A crafted DWARF section can cause an out-of-bounds read, resulting in a denial of service (crash). Public sources consistently indicate the vulnerability exists in libdwarf pre-20160923; remediation is to use a patched libdwarf (20160923 or...