libdwarf

Description A library for handling DWARF Debugging Information Format
Version 20170709-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-332 20170416-1 20170709-1 Low Fixed
AVG-89 20161021-1 20161124-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-9998 AVG-332 Low No Denial of service
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows attackers to cause a denial of service (Segmentation fault) via...
CVE-2016-9558 AVG-89 Low No Denial of service
A negation overflow vulnerability was found in dwarf_leb.c, triggered by crafted input to the dwarfdump utility.
CVE-2016-9480 AVG-89 Medium No Information disclosure
libdwarf allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach,...
CVE-2016-9276 AVG-89 Medium No Information disclosure
An out-of-bounds heap read was found in dwarf_get_aranges_list in dwarf_arrange.c, triggered by crafted input to the dwarfdump utility.
CVE-2016-9275 AVG-89 Medium No Information disclosure
An out-of-bounds heap read was found in _dwarf_skim_forms in dwarf_macro5.c, triggered by crafted input to the dwarfdump utility.
CVE-2016-8681 AVG-89 Medium No Information disclosure
An out-of-bounds heap read vulnerability was found in _dwarf_get_abbrev_for_code, triggered by invoking the dwarfdump command on a crafted file.
CVE-2016-8680 AVG-89 Medium No Information disclosure
An out-of-bounds heap read vulnerability was found in _dwarf_get_abbrev_for_code, triggered by invoking the dwarfdump command on a crafted file.
CVE-2016-8679 AVG-89 Medium No Information disclosure
An out-of-bounds heap read vulnerability was found in _dwarf_get_size_of_val, triggered by invoking the dwarfdump command on a crafted file.
CVE-2016-7511 AVG-89 Low No Denial of service
An integer overflow vulnerability was found in dwarf_die_deliv.c, causing a segmentation fault.
CVE-2016-7510 AVG-89 Medium No Information disclosure
An out-of-bounds read vulnerability was found in read_line_table_program() in libdwarf.
CVE-2016-5044 AVG-89 High No Arbitrary code execution
A vulnerability was found in libdwarf in dwarf_elf_access.c:1071. A crafted ELF file may lead to a large offset value, which is bigger than the size of...
CVE-2016-5043 AVG-89 Medium No Information disclosure
A vulnerability was found in libdwarf. The function dwarf_dealloc() did not check the Dwarf_Ptr space argument before using it, which leads to an out-of-bounds read.
CVE-2016-5041 AVG-89 Low No Denial of service
A vulnerability was found in libdwarf. If no DW_AT_name is present in a debugging information entry using DWARF5 macros a null dereference in dwarf_macro5.c...
CVE-2016-5040 AVG-89 Low No Denial of service
A vulnerability was found in libdwarf. If the data read for a compilation unit header contains a too large length value the library will read outside of its...
CVE-2016-5037 AVG-89 Low No Denial of service
A null pointer dereference vulnerability was found in _dwarf_load_section.
CVE-2016-5035 AVG-89 Medium No Information disclosure
An out-of-bounds read vulnerability was found in dwarf_line_table_reader.c.
CVE-2016-5033 AVG-89 Medium No Information disclosure
An out-of-bounds read vulnerability was found in libdwarf in print_exprloc_content.
CVE-2016-5032 AVG-89 Medium No Information disclosure
An out-of-bounds read vulnerability was found in libdwarf in dwarf_get_xu_hash_entry() function.
CVE-2016-5031 AVG-89 Medium No Information disclosure
An out-of-bounds read vulnerability was found in libdwarf in print_frame_inst_bytes() function.
CVE-2016-5030 AVG-89 Low No Denial of service
A null pointer dereference vulnerability was found in libdwarf in _dwarf_calculate_info_section_end_ptr() function.
CVE-2016-5029 AVG-89 Low No Denial of service
A null pointer dereference vulnerability was found in libdwarf in create_fullest_file_path() function. This is due to corrupted dwarf and the fix detects...
CVE-2016-5028 AVG-89 Low No Denial of service
A null pointer dereference vulnerability was found in libdwarf. It exists due to a corrupted object file. Libdwarf was not dealing with empty (bss-like)...
CVE-2016-5027 AVG-89 Low No Denial of service
A vulnerability was found in libdwarf. A malicious object with data all-bits-on could bypass length checks, which results in an out-of-bounds read.

Advisories

Date Advisory Group Severity Description
11 Jul 2017 ASA-201707-7 AVG-332 Low denial of service
03 Dec 2016 ASA-201612-4 AVG-89 High multiple issues