VYPR

rpm package

opensuse/binutils&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweed

Vulnerabilities (156)

  • CVE-2018-6759 Feb 6, 2018
    affected < 2.37-1.3, fixed 2.37-1.3

    The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation faul

  • CVE-2018-6543 Feb 2, 2018
    affected < 2.37-1.3, fixed 2.37-1.3

    In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other im

  • CVE-2018-6323 Jan 26, 2018
    affected < 2.37-1.3, fixed 2.37-1.3

    The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial

  • CVE-2017-16832 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation

  • CVE-2017-16831 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or po

  • CVE-2017-16830 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other imp

  • CVE-2017-16829 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and a

  • CVE-2017-16828 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_de

  • CVE-2017-16827 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified o

  • CVE-2017-16826 Hig Nov 15, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other

  • CVE-2017-15996 Hig Oct 29, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized va

  • CVE-2017-15939 Med Oct 27, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF

  • CVE-2017-15938 Hig Oct 27, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invali

  • CVE-2017-14974 Med Oct 2, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and a

  • CVE-2017-14745 Hig Sep 26, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and a

  • CVE-2017-14729 Hig Sep 25, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

  • CVE-2017-14529 Med Sep 18, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application cra

  • CVE-2017-14333 Hig Sep 12, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_ne

  • CVE-2017-14130 Med Sep 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a

  • CVE-2017-14129 Med Sep 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.

Page 6 of 8