Vulnerabilities > GNU > Binutils
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-29 | CVE-2017-15996 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29 elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. | 7.8 |
| 2017-10-27 | CVE-2017-15939 | NULL Pointer Dereference vulnerability in GNU Binutils 2.29 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | 5.5 |
| 2017-10-27 | CVE-2017-15938 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). | 7.5 |
| 2017-10-10 | CVE-2017-15225 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Binutils 2.29 _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | 5.5 |
| 2017-10-05 | CVE-2017-15025 | Divide By Zero vulnerability in GNU Binutils 2.29 decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | 5.5 |
| 2017-10-05 | CVE-2017-15024 | Infinite Loop vulnerability in GNU Binutils 2.29 find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | 5.5 |
| 2017-10-05 | CVE-2017-15023 | NULL Pointer Dereference vulnerability in GNU Binutils 2.29 read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | 5.5 |
| 2017-10-05 | CVE-2017-15022 | NULL Pointer Dereference vulnerability in GNU Binutils 2.29 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | 5.5 |
| 2017-10-05 | CVE-2017-15021 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | 5.5 |
| 2017-10-05 | CVE-2017-15020 | Out-of-bounds Read vulnerability in GNU Binutils 2.29 dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | 7.8 |