Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-15	CVE-2018-18310	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. network elfutils-project debian redhat opensuse canonical CWE-119	4.3
2018-09-03	CVE-2018-16403	Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.173 libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. local low complexity elfutils-project CWE-125	5.5
2018-08-29	CVE-2018-16062	Out-of-bounds Read vulnerability in multiple products dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. local low complexity elfutils-project debian opensuse canonical redhat CWE-125	5.5
2018-03-18	CVE-2018-8769	Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.170 elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. network elfutils-project CWE-125	6.8
2017-04-09	CVE-2017-7613	Improper Input Validation vulnerability in multiple products elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. network elfutils-project debian canonical CWE-20	4.3
2017-04-09	CVE-2017-7612	Out-of-bounds Read vulnerability in multiple products The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. network elfutils-project debian canonical CWE-125	4.3
2017-04-09	CVE-2017-7611	Out-of-bounds Read vulnerability in multiple products The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. network elfutils-project debian canonical CWE-125	4.3
2017-04-09	CVE-2017-7610	Out-of-bounds Read vulnerability in multiple products The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. network elfutils-project debian canonical CWE-125	4.3
2017-04-09	CVE-2017-7609	Improper Input Validation vulnerability in Elfutils Project Elfutils 0.168 elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. network elfutils-project CWE-20	4.3
2017-04-09	CVE-2017-7608	Out-of-bounds Read vulnerability in multiple products The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. network elfutils-project debian canonical CWE-125	4.3