Total
236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9750 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-14529 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | |||||
| CVE-2017-12454 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. | |||||
| CVE-2017-17121 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. | |||||
| CVE-2017-8398 | 1 Gnu | 1 Binutils | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. | |||||
| CVE-2017-15022 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | |||||
| CVE-2017-14729 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
| CVE-2017-14940 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | |||||
| CVE-2017-9744 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-12449 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. | |||||
| CVE-2017-12455 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. | |||||
| CVE-2017-15021 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | |||||
| CVE-2014-8484 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 5.0 MEDIUM | N/A |
| The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. | |||||
| CVE-2014-8503 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. | |||||
| CVE-2014-8485 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. | |||||
| CVE-2014-8504 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file. | |||||
| CVE-2014-8502 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file. | |||||
| CVE-2014-8737 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. | |||||
| CVE-2014-8738 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. | |||||
| CVE-2014-8501 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2025-04-12 | 7.5 HIGH | N/A |
| The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. | |||||