rpm package

suse/binutils&distro=SUSE Linux Enterprise Server 12 SP2-BCL

pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Vulnerabilities (96)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-16831	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Nov 15, 2017	coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or po
CVE-2017-16830	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Nov 15, 2017	The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other imp
CVE-2017-16829	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Nov 15, 2017	The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and a
CVE-2017-16828	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Nov 15, 2017	The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_de
CVE-2017-16827	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Nov 15, 2017	The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified o
CVE-2017-16826	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Nov 15, 2017	The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other
CVE-2017-15996	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Oct 29, 2017	elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized va
CVE-2017-15939	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	Oct 27, 2017	dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF
CVE-2017-15938	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	Oct 27, 2017	dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invali
CVE-2017-9756	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Jun 19, 2017	The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of
CVE-2017-9755	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Jun 19, 2017	opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated
CVE-2017-9750	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Jun 19, 2017	opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mish
CVE-2017-9748	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Jun 19, 2017	The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via
CVE-2017-9747	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Jun 19, 2017	The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via
CVE-2017-9746	Hig	7.8	< 2.31-9.26.1	2.31-9.26.1	Jun 19, 2017	The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing
CVE-2017-8421	Med	5.5	< 2.31-9.26.1	2.31-9.26.1	May 2, 2017	The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_i
CVE-2017-8396	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	May 1, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability cause
CVE-2017-8394	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	May 1, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs u
CVE-2017-8393	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	May 1, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel
CVE-2017-8392	Hig	7.5	< 2.31-9.26.1	2.31-9.26.1	May 1, 2017	The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes program

CVE-2017-16831HigNov 15, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or po
CVE-2017-16830HigNov 15, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other imp
CVE-2017-16829HigNov 15, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and a
CVE-2017-16828HigNov 15, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_de
CVE-2017-16827HigNov 15, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified o
CVE-2017-16826HigNov 15, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other
CVE-2017-15996HigOct 29, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized va
CVE-2017-15939MedOct 27, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF
CVE-2017-15938HigOct 27, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invali
CVE-2017-9756HigJun 19, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of
CVE-2017-9755HigJun 19, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated
CVE-2017-9750HigJun 19, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mish
CVE-2017-9748HigJun 19, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via
CVE-2017-9747HigJun 19, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via
CVE-2017-9746HigJun 19, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing
CVE-2017-8421MedMay 2, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_i
CVE-2017-8396HigMay 1, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability cause
CVE-2017-8394HigMay 1, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs u
CVE-2017-8393HigMay 1, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel
CVE-2017-8392HigMay 1, 2017
affected < 2.31-9.26.1fixed 2.31-9.26.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes program

Page 4 of 5