binutils

Description A set of programs to assemble and manipulate binary and object files
Version 2.30-5 [core]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-538 | 2.29.1-3 | | High | Vulnerable | |
| AVG-435 | 2.29.1-3 | | High | Vulnerable | |
| AVG-276 | 2.28.0-4 | | High | Vulnerable | |

Issue Group Severity Remote Type Description
CVE-2017-9044 AVG-276 Medium No Denial of service
The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows attackers to cause a denial of service (invalid read and SEGV)...
CVE-2017-9043 AVG-276 Medium No Denial of service
It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow attackers...
CVE-2017-9042 AVG-276 Medium No Denial of service
It has been discovered that readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow attackers to cause a...
CVE-2017-9041 AVG-276 Medium No Denial of service
GNU Binutils 2.28 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS...
CVE-2017-9040 AVG-276 Medium No Denial of service
GNU Binutils 2017-04-03 allows attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific...
CVE-2017-9039 AVG-276 Medium No Denial of service
GNU Binutils 2.28 allows attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the...
CVE-2017-9038 AVG-276 Medium No Denial of service
GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related...
CVE-2017-7210 AVG-276 Medium No Denial of service
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in...
CVE-2017-7209 AVG-276 Medium No Denial of service
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a...
CVE-2017-6969 AVG-276 Medium No Denial of service
It has been discovered that readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries.
CVE-2017-6966 AVG-276 High No Arbitrary code execution
readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary....
CVE-2017-6965 AVG-276 High No Arbitrary code execution
A vulnerability was found in the readelf utility; part of binutils. A crafted ELF executable or shared library could cause readelf to write arbitrary...
CVE-2017-17126 AVG-538 High Yes Denial of service
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and...
CVE-2017-17125 AVG-538 Medium Yes Denial of service
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service...
CVE-2017-17124 AVG-538 High Yes Arbitrary code execution
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does...
CVE-2017-17123 AVG-538 Medium Yes Denial of service
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows...
CVE-2017-17122 AVG-538 High Yes Arbitrary code execution
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to...
CVE-2017-15996 AVG-435 High No Arbitrary code execution
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified...
CVE-2017-15025 AVG-435 Medium Yes Denial of service
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause...
CVE-2017-15024 AVG-435 Medium Yes Denial of service
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote...
CVE-2017-15023 AVG-435 Medium Yes Denial of service
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate...
CVE-2017-15022 AVG-435 Medium Yes Denial of service
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which...
CVE-2017-15021 AVG-435 Medium Yes Denial of service
bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers...
CVE-2017-15020 AVG-435 Medium Yes Arbitrary code execution
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers...