VYPR

Libiberty

by GNU

CVEs (27)

  • CVE-2016-2226HigFeb 24, 2017
    risk 0.54cvss 7.8epss 0.07

    Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

  • CVE-2018-12698HigJun 23, 2018
    risk 0.49cvss 7.5epss 0.07

    demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of…

  • CVE-2018-12697HigJun 23, 2018
    risk 0.49cvss 7.5epss 0.05

    A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.

  • CVE-2016-6131HigFeb 7, 2017
    risk 0.49cvss 7.5epss 0.05

    The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

  • CVE-2018-9996MedApr 10, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and…

  • CVE-2018-9138MedMar 30, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

  • CVE-2017-13716MedAug 28, 2017
    risk 0.36cvss 5.5epss 0.01

    The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File…

  • CVE-2016-4493MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

  • CVE-2016-4491MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

  • CVE-2016-4490MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.

  • CVE-2016-4489MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."

  • CVE-2016-4488MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."

  • CVE-2016-4487MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.02

    Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

  • CVE-2016-4492MedFeb 24, 2017
    risk 0.29cvss 4.4epss 0.02

    Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.

  • CVE-2021-32256Jul 18, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.

  • CVE-2021-3826Sep 1, 2022
    risk 0.00cvss epss 0.01

    Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

  • CVE-2021-3530Jun 2, 2021
    risk 0.00cvss epss 0.02

    A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

  • CVE-2019-14250Jul 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

  • CVE-2019-9070Feb 24, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.

  • CVE-2018-20712Jan 15, 2019
    risk 0.00cvss epss 0.03

    A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

Page 1 of 2