Libdwarf Code
by Davea42
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9558 | Cri | 0.64 | 9.8 | 0.05 | Feb 28, 2017 | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." | ||
| CVE-2016-9276 | Hig | 0.49 | 7.5 | 0.04 | Mar 23, 2017 | The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | ||
| CVE-2016-9275 | Hig | 0.49 | 7.5 | 0.04 | Mar 23, 2017 | Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | ||
| CVE-2015-8538 | Med | 0.42 | 6.5 | 0.01 | Jun 7, 2017 | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | ||
| CVE-2020-28163 | 0.00 | — | 0.01 | Apr 15, 2023 | libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname. |
- risk 0.64cvss 9.8epss 0.05
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
- risk 0.49cvss 7.5epss 0.04
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
- risk 0.49cvss 7.5epss 0.04
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
- risk 0.42cvss 6.5epss 0.01
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
- CVE-2020-28163Apr 15, 2023risk 0.00cvss —epss 0.01
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.