VYPR

libbfd

by GNU

CVEs (44)

  • CVE-2018-6323HigJan 26, 2018
    risk 0.54cvss 7.8epss 0.06

    The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial…

  • CVE-2019-9075HigFeb 24, 2019
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.

  • CVE-2018-19931HigDec 7, 2018
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

  • CVE-2017-17124HigDec 4, 2017
    risk 0.51cvss 7.8epss 0.02

    The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service…

  • CVE-2017-17121HigDec 4, 2017
    risk 0.51cvss 7.8epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location…

  • CVE-2017-16831HigNov 15, 2017
    risk 0.51cvss 7.8epss 0.02

    coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or…

  • CVE-2017-16829HigNov 15, 2017
    risk 0.51cvss 7.8epss 0.02

    The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2017-14745HigSep 26, 2017
    risk 0.51cvss 7.8epss 0.01

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and…

  • CVE-2017-12458HigAug 4, 2017
    risk 0.51cvss 7.8epss 0.01

    The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.

  • CVE-2017-12453HigAug 4, 2017
    risk 0.51cvss 7.8epss 0.01

    The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

  • CVE-2017-12450HigAug 4, 2017
    risk 0.51cvss 7.8epss 0.02

    The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha…

  • CVE-2017-15938HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.05

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name…

  • CVE-2019-17451MedOct 10, 2019
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

  • CVE-2019-17450MedOct 10, 2019
    risk 0.42cvss 6.5epss 0.03

    find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

  • CVE-2017-12967MedAug 19, 2017
    risk 0.42cvss 6.5epss 0.03

    The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

  • CVE-2020-16599MedDec 9, 2020
    risk 0.36cvss 5.5epss 0.01

    A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

  • CVE-2020-16593MedDec 9, 2020
    risk 0.36cvss 5.5epss 0.01

    A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

  • CVE-2020-16592MedDec 9, 2020
    risk 0.36cvss 5.5epss 0.01

    A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

  • CVE-2019-12972MedJun 26, 2019
    risk 0.36cvss 5.5epss 0.02

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting…

  • CVE-2019-9076MedFeb 24, 2019
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.

Page 1 of 3