Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-12-14 CVE-2017-17531 Injection vulnerability in GNU Global 4.8.6
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
gnu CWE-74
8.8
2017-12-06 CVE-2017-17440 NULL Pointer Dereference vulnerability in GNU Libextractor 1.6
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
network
low complexity
gnu CWE-476
6.5
2017-12-05 CVE-2017-17426 Integer Overflow or Wraparound vulnerability in GNU Glibc 2.26
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow.
network
high complexity
gnu CWE-190
8.1
2017-12-04 CVE-2017-17126 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
local
low complexity
gnu CWE-119
7.8
2017-12-04 CVE-2017-17125 Out-of-bounds Read vulnerability in GNU Binutils 2.29.1
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
local
low complexity
gnu CWE-125
7.8
2017-12-04 CVE-2017-17124 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.
local
low complexity
gnu CWE-119
7.8
2017-12-04 CVE-2017-17123 NULL Pointer Dereference vulnerability in GNU Binutils 2.29.1
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
local
low complexity
gnu CWE-476
5.5
2017-12-04 CVE-2017-17122 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
local
low complexity
gnu CWE-190
7.8
2017-12-04 CVE-2017-17121 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.
local
low complexity
gnu CWE-119
7.8
2017-11-30 CVE-2017-17080 Out-of-bounds Read vulnerability in GNU Binutils 2.29.1
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
local
low complexity
gnu CWE-125
5.5