VYPR

rpm package

opensuse/binutils&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweed

Vulnerabilities (156)

  • CVE-2017-14128 Med Sep 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-13757 Med Aug 29, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to el

  • CVE-2017-12799 Hig Aug 10, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

  • CVE-2017-12456 Hig Aug 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.

  • CVE-2017-12454 Hig Aug 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.

  • CVE-2017-12453 Hig Aug 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

  • CVE-2017-12452 Hig Aug 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.

  • CVE-2017-12450 Hig Aug 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha f

  • CVE-2017-12448 Hig Aug 4, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. Thi

  • CVE-2017-9756 Hig Jun 19, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of

  • CVE-2017-9755 Hig Jun 19, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated

  • CVE-2017-9750 Hig Jun 19, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mish

  • CVE-2017-9748 Hig Jun 19, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via

  • CVE-2017-9747 Hig Jun 19, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via

  • CVE-2017-9746 Hig Jun 19, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing

  • CVE-2017-8421 Med May 2, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_i

  • CVE-2017-8396 Hig May 1, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability cause

  • CVE-2017-8394 Hig May 1, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs u

  • CVE-2017-8393 Hig May 1, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHT_RELA sections are always named starting with a .rel

  • CVE-2017-8392 Hig May 1, 2017
    affected < 2.37-1.3, fixed 2.37-1.3

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes program

Page 7 of 8