| CVE-2021-20294 | AVG-1385 | Medium | No | Arbitrary code execution | A security issue was found in binutils before version 2.36. It allows attackers to cause a denial of service (stack buffer overflow) or possibly have... |
| CVE-2021-20197 | AVG-1540 | Medium | No | Arbitrary filesystem access | There is an open race window when writing output in the following utilities in GNU binutils: ar, objcopy, strip, ranlib. When these utilities are run as a... |
| CVE-2021-3648 | AVG-1540 | Low | No | Denial of service | A flaw was discovered in GNU libiberty as distributed in GNU Binutils version 2.36.50. A crafted file can cause an infinite loop leading to a stack overflow... |
| CVE-2021-3549 | AVG-2002 | Low | No | Arbitrary code execution | An out of bounds write security issue was found in GNU binutils objdump utility version 2.36.1. An attacker could use this flaw and pass a large section to... |
| CVE-2021-3530 | AVG-1540 | Medium | No | Arbitrary code execution | A security issue was discovered in GNU libiberty, as distributed in GNU Binutils version 2.36. A crafted file can cause a stack-based buffer overflow in... |
| CVE-2021-3487 | AVG-1385 | Low | No | Denial of service | A security issue was found in the BFD library of binutils before version 2.36. read_section() in dwarf2.c of BFD could cause excessive memory consumption... |
| CVE-2020-35448 | AVG-1385 | Low | No | Information disclosure | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can... |
| CVE-2018-20712 | AVG-832 | Medium | Yes | Denial of service | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted... |
| CVE-2018-20002 | AVG-832 | Medium | Yes | Denial of service | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a... |
| CVE-2018-19932 | AVG-832 | Medium | Yes | Denial of service | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow... |
| CVE-2018-19931 | AVG-832 | High | Yes | Arbitrary code execution | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer... |
| CVE-2017-17126 | AVG-538 | High | Yes | Denial of service | The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and... |
| CVE-2017-17125 | AVG-538 | Medium | Yes | Denial of service | nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service... |
| CVE-2017-17124 | AVG-538 | High | Yes | Arbitrary code execution | The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does... |
| CVE-2017-17123 | AVG-538 | Medium | Yes | Denial of service | The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows... |
| CVE-2017-17122 | AVG-538 | High | Yes | Arbitrary code execution | The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to... |
| CVE-2017-15996 | AVG-435 | High | No | Arbitrary code execution | elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified... |
| CVE-2017-15025 | AVG-435 | Medium | Yes | Denial of service | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause... |
| CVE-2017-15024 | AVG-435 | Medium | Yes | Denial of service | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote... |
| CVE-2017-15023 | AVG-435 | Medium | Yes | Denial of service | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate... |
| CVE-2017-15022 | AVG-435 | Medium | Yes | Denial of service | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which... |
| CVE-2017-15021 | AVG-435 | Medium | Yes | Denial of service | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers... |
| CVE-2017-15020 | AVG-435 | Medium | Yes | Arbitrary code execution | dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers... |
| CVE-2017-9044 | AVG-276 | Medium | No | Denial of service | The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows attackers to cause a denial of service (invalid read and SEGV)... |
| CVE-2017-9043 | AVG-276 | Medium | No | Denial of service | It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow attackers... |
| CVE-2017-9042 | AVG-276 | Medium | No | Denial of service | It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow attackers to cause a... |
| CVE-2017-9041 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2.28 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS... |
| CVE-2017-9040 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2017-04-03 allows attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific... |
| CVE-2017-9039 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2.28 allows attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the... |
| CVE-2017-9038 | AVG-276 | Medium | No | Denial of service | GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related... |
| CVE-2017-7227 | AVG-937 | Medium | No | Denial of service | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This... |
| CVE-2017-7226 | AVG-936 | High | No | Information disclosure | The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based... |
| CVE-2017-7225 | AVG-936 | Medium | No | Denial of service | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty,... |
| CVE-2017-7224 | AVG-936 | Medium | No | Denial of service | The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that... |
| CVE-2017-7223 | AVG-936 | Medium | No | Denial of service | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream,... |
| CVE-2017-7210 | AVG-276 | Medium | No | Denial of service | objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in... |
| CVE-2017-7209 | AVG-276 | Medium | No | Denial of service | The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a... |
| CVE-2017-6969 | AVG-276 | Medium | No | Denial of service | It has been discovered that readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. |
| CVE-2017-6966 | AVG-276 | High | No | Arbitrary code execution | readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary.... |
| CVE-2017-6965 | AVG-276 | High | No | Arbitrary code execution | A vulnerability was found in the readelf utility; part of binutils. A crafted ELF executable or shared library could cause readelf to write arbitrary... |