VYPR

libbfd

by GNU

CVEs (31)

  • CVE-2018-6323HigJan 26, 2018
    risk 0.54cvss 7.8epss 0.06

    The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial…

  • CVE-2017-17124HigDec 4, 2017
    risk 0.51cvss 7.8epss 0.02

    The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service…

  • CVE-2017-17121HigDec 4, 2017
    risk 0.51cvss 7.8epss 0.02

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location…

  • CVE-2017-16831HigNov 15, 2017
    risk 0.51cvss 7.8epss 0.02

    coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or…

  • CVE-2017-16829HigNov 15, 2017
    risk 0.51cvss 7.8epss 0.02

    The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2017-14745HigSep 26, 2017
    risk 0.51cvss 7.8epss 0.01

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and…

  • CVE-2017-12458HigAug 4, 2017
    risk 0.51cvss 7.8epss 0.01

    The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.

  • CVE-2017-12453HigAug 4, 2017
    risk 0.51cvss 7.8epss 0.01

    The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

  • CVE-2017-12450HigAug 4, 2017
    risk 0.51cvss 7.8epss 0.02

    The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha…

  • CVE-2017-15938HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.05

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name…

  • CVE-2017-12967MedAug 19, 2017
    risk 0.42cvss 6.5epss 0.03

    The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

  • CVE-2018-8945MedMar 22, 2018
    risk 0.36cvss 5.5epss 0.02

    The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.

  • CVE-2017-17080MedNov 30, 2017
    risk 0.36cvss 5.5epss 0.01

    elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted…

  • CVE-2017-15939MedOct 27, 2017
    risk 0.36cvss 5.5epss 0.02

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted…

  • CVE-2017-15024MedOct 5, 2017
    risk 0.36cvss 5.5epss 0.02

    find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

  • CVE-2017-15023MedOct 5, 2017
    risk 0.36cvss 5.5epss 0.02

    read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application…

  • CVE-2017-15022MedOct 5, 2017
    risk 0.36cvss 5.5epss 0.02

    dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and…

  • CVE-2017-15021MedOct 5, 2017
    risk 0.36cvss 5.5epss 0.02

    bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to…

  • CVE-2017-14974MedOct 2, 2017
    risk 0.36cvss 5.5epss 0.01

    The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and…

  • CVE-2017-14938MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.02

    _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

Page 1 of 2