Total
93 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7225 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | |||||
CVE-2017-8398 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. | |||||
CVE-2017-7301 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. | |||||
CVE-2017-8392 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | |||||
CVE-2017-7303 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. | |||||
CVE-2017-7227 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | |||||
CVE-2017-8394 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | |||||
CVE-2017-8397 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | |||||
CVE-2017-9042 | 1 Gnu | 1 Binutils | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
CVE-2017-8395 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | |||||
CVE-2017-7304 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. | |||||
CVE-2017-7223 | 1 Gnu | 1 Binutils | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | |||||
CVE-2017-9043 | 1 Gnu | 1 Binutils | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. |