VYPR

Binutils

by GNU

CVEs (273)

  • CVE-2017-17124 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service…

  • CVE-2017-17122 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly…

  • CVE-2017-17121 · High · Dec 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location…

  • CVE-2017-16832 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service…

  • CVE-2017-16831 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or…

  • CVE-2017-16830 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other…

  • CVE-2017-16829 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2017-16828 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to…

  • CVE-2017-16827 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified…

  • CVE-2017-16826 · High · Nov 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other…

  • CVE-2017-15996 · High · Oct 29, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized…

  • CVE-2017-15020 · High · Oct 5, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related…

  • CVE-2017-14745 · High · Sep 26, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and…

  • CVE-2017-14729 · High · Sep 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and…

  • CVE-2017-14333 · High · Sep 12, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of…

  • CVE-2017-12799 · High · Aug 10, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

  • CVE-2017-12459 · High · Aug 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted…

  • CVE-2017-12458 · High · Aug 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.

  • CVE-2017-12457 · High · Aug 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.

  • CVE-2017-12456 · High · Aug 4, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
