Binary File Descriptor (BFD) library

CVEs (23)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-16827	GNU Binutils	Hig	0.51	7.8	0.02	Nov 15, 2017	The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified…
CVE-2017-16826	GNU Binutils	Hig	0.51	7.8	0.02	Nov 15, 2017	The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other…
CVE-2017-12459	GNU Binutils	Hig	0.51	7.8	0.02	Aug 4, 2017	The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted…
CVE-2017-12457	GNU Binutils	Hig	0.51	7.8	0.01	Aug 4, 2017	The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.
CVE-2017-12455	GNU Binutils	Hig	0.51	7.8	0.01	Aug 4, 2017	The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
CVE-2017-12454	GNU Binutils	Hig	0.51	7.8	0.01	Aug 4, 2017	The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
CVE-2017-12452	GNU Binutils	Hig	0.51	7.8	0.01	Aug 4, 2017	The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
CVE-2017-12451	GNU Binutils	Hig	0.51	7.8	0.01	Aug 4, 2017	The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
CVE-2017-12449	GNU Binutils	Hig	0.51	7.8	0.01	Aug 4, 2017	The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
CVE-2017-12448	GNU Binutils	Hig	0.51	7.8	0.02	Aug 4, 2017	The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file.…
CVE-2017-13710	GNU Binutils	Hig	0.49	7.5	0.03	Aug 27, 2017	The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
CVE-2017-14939	GNU Binutils	Med	0.39	5.5	0.06	Sep 30, 2017	decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a…
CVE-2017-17123	GNU Binutils	Med	0.36	5.5	0.02	Dec 4, 2017	The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
CVE-2017-15225	GNU Binutils	Med	0.36	5.5	0.01	Oct 10, 2017	_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
CVE-2017-15025	GNU Binutils	Med	0.36	5.5	0.02	Oct 5, 2017	decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.
CVE-2017-15022	GNU Binutils	Med	0.36	5.5	0.02	Oct 5, 2017	dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and…
CVE-2017-14940	GNU Binutils	Med	0.36	5.5	0.02	Sep 30, 2017	scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
CVE-2017-14938	GNU Binutils	Med	0.36	5.5	0.02	Sep 30, 2017	_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVE-2017-14934	GNU Binutils	Med	0.36	5.5	0.01	Sep 30, 2017	process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVE-2017-14932	GNU Binutils	Med	0.36	5.5	0.01	Sep 30, 2017	decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

CVE-2017-16827HigNov 15, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.02
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified…
CVE-2017-16826HigNov 15, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.02
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other…
CVE-2017-12459HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.02
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted…
CVE-2017-12457HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.01
The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.
CVE-2017-12455HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.01
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
CVE-2017-12454HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.01
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
CVE-2017-12452HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.01
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
CVE-2017-12451HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.01
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
CVE-2017-12449HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.01
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
CVE-2017-12448HigAug 4, 2017
GNU
Binutils
risk 0.51cvss 7.8epss 0.02
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file.…
CVE-2017-13710HigAug 27, 2017
GNU
Binutils
risk 0.49cvss 7.5epss 0.03
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
CVE-2017-14939MedSep 30, 2017
GNU
Binutils
risk 0.39cvss 5.5epss 0.06
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a…
CVE-2017-17123MedDec 4, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.02
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
CVE-2017-15225MedOct 10, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.01
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
CVE-2017-15025MedOct 5, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.02
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.
CVE-2017-15022MedOct 5, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.02
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and…
CVE-2017-14940MedSep 30, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.02
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
CVE-2017-14938MedSep 30, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.02
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVE-2017-14934MedSep 30, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.01
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVE-2017-14932MedSep 30, 2017
GNU
Binutils
risk 0.36cvss 5.5epss 0.01
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

Page 1 of 2