PyPI package
lief
pkg:pypi/lief
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-15504 | Low | 3.3 | < 0.17.2 | 0.17.2 | Jan 10, 2026 | A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated | |
| CVE-2024-31636 | — | < 0.15.0 | 0.15.0 | May 3, 2024 | An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. | ||
| CVE-2022-43171 | — | < 0.12.3 | 0.12.3 | Nov 17, 2022 | A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | ||
| CVE-2022-40922 | — | < 0.12.2 | 0.12.2 | Oct 3, 2022 | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | ||
| CVE-2022-40923 | — | <= 0.12.1 | — | Sep 30, 2022 | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | ||
| CVE-2022-38497 | — | <= 0.12.1 | — | Sep 13, 2022 | LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. | ||
| CVE-2022-38495 | — | <= 0.12.1 | — | Sep 13, 2022 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. | ||
| CVE-2022-38307 | — | < 0.12.1 | 0.12.1 | Sep 13, 2022 | LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | ||
| CVE-2022-38306 | — | <= 0.12.1 | — | Sep 13, 2022 | LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | ||
| CVE-2021-32297 | — | < 0.11.0 | 0.11.0 | Sep 20, 2021 | An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution. |
- affected < 0.17.2fixed 0.17.2
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated
- CVE-2024-31636May 3, 2024affected < 0.15.0fixed 0.15.0
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
- CVE-2022-43171Nov 17, 2022affected < 0.12.3fixed 0.12.3
A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
- CVE-2022-40922Oct 3, 2022affected < 0.12.2fixed 0.12.2
A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
- CVE-2022-40923Sep 30, 2022affected <= 0.12.1
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
- CVE-2022-38497Sep 13, 2022affected <= 0.12.1
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.
- CVE-2022-38495Sep 13, 2022affected <= 0.12.1
LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.
- CVE-2022-38307Sep 13, 2022affected < 0.12.1fixed 0.12.1
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
- CVE-2022-38306Sep 13, 2022affected <= 0.12.1
LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.
- CVE-2021-32297Sep 20, 2021affected < 0.11.0fixed 0.11.0
An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.