Vulnerabilities > Elfutils Project

DATE CVE VULNERABILITY TITLE RISK
2018-10-15 CVE-2018-18310 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174.
5.5
2018-09-03 CVE-2018-16403 Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.173
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
local
low complexity
elfutils-project CWE-125
5.5
2018-09-03 CVE-2018-16402 Double Free vulnerability in multiple products
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
network
low complexity
elfutils-project debian redhat opensuse canonical CWE-415
critical
9.8
2018-08-29 CVE-2018-16062 Out-of-bounds Read vulnerability in multiple products
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
5.5
2018-03-18 CVE-2018-8769 Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.170
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
local
low complexity
elfutils-project CWE-125
7.8
2017-04-09 CVE-2017-7613 Improper Input Validation vulnerability in multiple products
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-20
5.5
2017-04-09 CVE-2017-7612 Out-of-bounds Read vulnerability in multiple products
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
2017-04-09 CVE-2017-7611 Out-of-bounds Read vulnerability in multiple products
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
2017-04-09 CVE-2017-7610 Out-of-bounds Read vulnerability in multiple products
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
2017-04-09 CVE-2017-7609 Improper Input Validation vulnerability in Elfutils Project Elfutils 0.168
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
local
low complexity
elfutils-project CWE-20
5.5