Vulnerabilities > GNU

DATE CVE VULNERABILITY TITLE RISK
2017-11-22 CVE-2017-16879 Out-of-bounds Write vulnerability in GNU Ncurses 6.0
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
local
low complexity
gnu CWE-787
7.8
2017-11-15 CVE-2017-16832 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
local
low complexity
gnu CWE-190
7.8
2017-11-15 CVE-2017-16831 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
local
low complexity
gnu CWE-190
7.8
2017-11-15 CVE-2017-16830 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
local
low complexity
gnu CWE-190
7.8
2017-11-15 CVE-2017-16829 Out-of-bounds Read vulnerability in GNU Binutils 2.29.1
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
local
low complexity
gnu CWE-125
7.8
2017-11-15 CVE-2017-16828 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
local
low complexity
gnu CWE-190
7.8
2017-11-15 CVE-2017-16827 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
local
low complexity
gnu CWE-119
7.8
2017-11-15 CVE-2017-16826 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29.1
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
local
low complexity
gnu CWE-119
7.8
2017-10-31 CVE-2017-1000383 Information Exposure vulnerability in GNU Emacs
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
local
low complexity
gnu CWE-200
5.5
2017-10-29 CVE-2017-15996 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.29
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
local
low complexity
gnu CWE-119
7.8