Total
255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14932 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | |||||
| CVE-2017-12455 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. | |||||
| CVE-2017-16828 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. | |||||
| CVE-2017-12453 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. | |||||
| CVE-2017-9748 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. NOTE: this may be related to a compiler bug. | |||||
| CVE-2017-9755 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-15020 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | |||||
| CVE-2017-12457 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. | |||||
| CVE-2017-14938 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | |||||
| CVE-2017-7614 | 1 Gnu | 1 Binutils | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. | |||||
| CVE-2017-9746 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. | |||||
| CVE-2017-9039 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | |||||
| CVE-2017-16831 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-12454 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. | |||||
| CVE-2017-17124 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. | |||||
| CVE-2017-15938 | 1 Gnu | 1 Binutils | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). | |||||
| CVE-2017-9753 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-13757 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. | |||||
| CVE-2017-9744 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-15021 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | |||||