Libdwarf Security Vulnerabilities and Issues — Libdwarf CVE List

Lucene search

Libdwarf ProjectLibdwarf

12 matches found

CVE•added 2024/03/18 1:15 p.m.•100 views

CVE-2024-2002

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

7.5CVSS7.3AI score0.00106EPSS

CVE•added 2022/06/02 2:16 p.m.•62 views

CVE-2022-32200

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.

7.8CVSS7.6AI score0.00316EPSS

CVE•added 2017/02/17 5:59 p.m.•47 views

CVE-2016-5040

libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.

7.5CVSS7.1AI score0.00993EPSS

CVE•added 2017/04/10 4:59 p.m.•45 views

CVE-2016-5041

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.

7.5CVSS7.1AI score0.00922EPSS

CVE•added 2017/03/23 6:59 p.m.•44 views

CVE-2016-9276

The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

7.5CVSS7.9AI score0.00822EPSS

CVE•added 2017/02/17 5:59 p.m.•43 views

CVE-2016-5036

The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.

7.5CVSS7.1AI score0.00993EPSS

CVE•added 2017/02/17 5:59 p.m.•42 views

CVE-2016-5042

The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.

7.5CVSS7AI score0.00993EPSS

CVE•added 2017/02/17 5:59 p.m.•38 views

CVE-2016-5038

The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str.

7.5CVSS7.1AI score0.00993EPSS

CVE•added 2017/02/17 5:59 p.m.•38 views

CVE-2016-5039

The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.

7.5CVSS7AI score0.00993EPSS

CVE•added 2017/02/17 5:59 p.m.•38 views

CVE-2016-5044

The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.

7.5CVSS7.1AI score0.00993EPSS

CVE•added 2017/02/17 5:59 p.m.•37 views

CVE-2016-5043

The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.

7.5CVSS7AI score0.00993EPSS

CVE•added 2017/03/23 6:59 p.m.•37 views

CVE-2016-9275

Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).

7.5CVSS8.1AI score0.00711EPSS