Vulnerabilities > Elfutils Project > Elfutils
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-09 | CVE-2017-7608 | Out-of-bounds Read vulnerability in multiple products The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 4.3 |
| 2017-04-09 | CVE-2017-7607 | Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.168 The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | 4.3 |
| 2017-03-23 | CVE-2016-10255 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Elfutils Project Elfutils The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. | 5.5 |
| 2017-03-23 | CVE-2016-10254 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Elfutils Project Elfutils The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. | 5.5 |
| 2015-01-02 | CVE-2014-9447 | Path Traversal vulnerability in Elfutils Project Elfutils 0.152/0.161 Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | 6.4 |
| 2014-04-11 | CVE-2014-0172 | Numeric Errors vulnerability in Elfutils Project Elfutils Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. | 6.8 |