Binutils

by GNU

CVEs (273)

  • CVE-2018-12699 | Critical | Jun 23, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

  • CVE-2017-7614 | Critical | Apr 9, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have…

  • CVE-2014-9939 | Critical | Mar 21, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

  • CVE-2017-7226 | Critical | Mar 22, 2017
    risk 0.59 | cvss 9.1 | epss 0.02

    The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several…

  • CVE-2017-6969 | Critical | Mar 17, 2017
    risk 0.59 | cvss 9.1 | epss 0.04

    readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

  • CVE-2024-53589 | High | Dec 5, 2024
    risk 0.55 | cvss 8.4 | epss 0.00

    GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.

  • CVE-2018-6323 | High | Jan 26, 2018
    risk 0.54 | cvss 7.8 | epss 0.06

    The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial…

  • CVE-2017-9756 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.08

    The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of…

  • CVE-2017-9750 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.08

    opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by…

  • CVE-2017-9749 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.09

    The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during…

  • CVE-2017-9748 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.08

    The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via…

  • CVE-2017-9747 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.08

    The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact…

  • CVE-2017-9746 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.09

    The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing…

  • CVE-2017-9742 | High | Jun 19, 2017
    risk 0.54 | cvss 7.8 | epss 0.08

    The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file…

  • CVE-2026-6846 | High | Apr 22, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to…

  • CVE-2018-7643 | High | Mar 2, 2018
    risk 0.51 | cvss 7.8 | epss 0.02

    The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

  • CVE-2018-7208 | High | Feb 18, 2018
    risk 0.51 | cvss 7.8 | epss 0.02

    In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified…

  • CVE-2018-6543 | High | Feb 2, 2018
    risk 0.51 | cvss 7.8 | epss 0.02

    In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other…

  • CVE-2017-17126 | High | Dec 4, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

  • CVE-2017-17125 | High | Dec 4, 2017
    risk 0.51 | cvss 7.8 | epss 0.02

    nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.

Page 1 of 14