Vulnerabilities > Elfutils Project > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-09 CVE-2017-7607 Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.168
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
4.3
2017-03-23 CVE-2016-10255 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Elfutils Project Elfutils
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
local
low complexity
elfutils-project CWE-119
5.5
2017-03-23 CVE-2016-10254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Elfutils Project Elfutils
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
local
low complexity
elfutils-project CWE-119
5.5
2015-01-02 CVE-2014-9447 Path Traversal vulnerability in Elfutils Project Elfutils 0.152/0.161
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
network
low complexity
elfutils-project CWE-22
6.4
2014-04-11 CVE-2014-0172 Numeric Errors vulnerability in Elfutils Project Elfutils
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
6.8