Vulnerabilities > GNU > Binutils

DATE CVE VULNERABILITY TITLE RISK
2017-09-18 CVE-2017-14529 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.
local
low complexity
gnu CWE-125
5.5
2017-09-12 CVE-2017-14333 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
local
low complexity
gnu CWE-190
7.8
2017-09-04 CVE-2017-14130 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-09-04 CVE-2017-14129 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-09-04 CVE-2017-14128 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
gnu CWE-125
5.5
2017-08-29 CVE-2017-13757 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
local
low complexity
gnu CWE-125
5.5
2017-08-28 CVE-2017-13716 Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.29
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
local
low complexity
gnu CWE-770
5.5
2017-08-27 CVE-2017-13710 NULL Pointer Dereference vulnerability in GNU Binutils 2.29
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
network
low complexity
gnu CWE-476
7.5
2017-08-19 CVE-2017-12967 Out-of-bounds Read vulnerability in GNU Binutils 2.29
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.
network
low complexity
gnu CWE-125
6.5
2017-08-10 CVE-2017-12799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
local
low complexity
gnu CWE-119
7.8