Vulnerabilities > GNU > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-13 | CVE-2015-8107 | Use of Externally-Controlled Format String vulnerability in GNU A2Ps 4.14 Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | 7.8 |
| 2017-03-29 | CVE-2017-7304 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. | 7.5 |
| 2017-03-29 | CVE-2017-7303 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. | 7.5 |
| 2017-03-29 | CVE-2017-7302 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. | 7.5 |
| 2017-03-29 | CVE-2017-7301 | Improper Input Validation vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. | 7.5 |
| 2017-03-29 | CVE-2017-7300 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. | 7.5 |
| 2017-03-27 | CVE-2017-5932 | Improper Input Validation vulnerability in GNU Bash 4.4 The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. | 7.8 |
| 2017-03-24 | CVE-2017-5335 | Out-of-bounds Read vulnerability in multiple products The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. | 7.5 |
| 2017-03-22 | CVE-2017-7227 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. | 7.5 |
| 2017-03-22 | CVE-2017-7225 | NULL Pointer Dereference vulnerability in GNU Binutils 2.28 The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | 7.5 |