VYPR

rpm package

suse/binutils&distro=SUSE Linux Enterprise Desktop 12 SP3

pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3

Vulnerabilities (82)

  • CVE-2017-8395HigMay 1, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function.

  • CVE-2017-8394HigMay 1, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs u

  • CVE-2017-8393HigMay 1, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel

  • CVE-2017-8392HigMay 1, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes program

  • CVE-2017-7614CriApr 9, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspec

  • CVE-2017-7304HigMar 29, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vuln

  • CVE-2017-7303HigMar 29, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils uti

  • CVE-2017-7302HigMar 29, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability cau

  • CVE-2017-7301HigMar 29, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linke

  • CVE-2017-7300HigMar 29, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loadin

  • CVE-2017-7299MedMar 29, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF rel

  • CVE-2017-7227HigMar 22, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

  • CVE-2017-7226CriMar 22, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several ut

  • CVE-2017-7225HigMar 22, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

  • CVE-2017-7224MedMar 22, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

  • CVE-2017-7223HigMar 22, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

  • CVE-2017-7210MedMar 21, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

  • CVE-2017-7209MedMar 21, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

  • CVE-2014-9939CriMar 21, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

  • CVE-2017-6969CriMar 17, 2017
    affected < 2.29.1-9.20.2fixed 2.29.1-9.20.2

    readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

Page 4 of 5