Debian Binutils vulnerabilities

CVE-2017-7300 [HIGH] CVE-2017-7300: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. Scope: local bookworm: resolved (f

CVE-2017-7302 [HIGH] CVE-2017-7302: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. Scope: local bookworm: resolved (fixed in 2.2

CVE-2017-7223 [HIGH] CVE-2017-7223: binutils - GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of... GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. Scope: local bookworm: resolved (fixed in 2.27.51.20161212-1) bullseye: resolved (fixed in 2.27.51.20161212-1) forky: resolved (fixed in 2.27.51.20161212-1) sid: resolved (fi

CVE-2017-12448 [HIGH] CVE-2017-12448: binutils - The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) ... The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memo

CVE-2017-7225 [HIGH] CVE-2017-7225: binutils - The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle... The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. Scope: local bookworm: resolved (fixed in 2.27.51.20161201-1) bullseye: resolved (fixed in 2.27.51.20161201-1) forky: resol

CVE-2017-8395 [HIGH] CVE-2017-8395: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the

CVE-2017-8394 [HIGH] CVE-2017-8394: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. Scope: local bookworm: resolved (fixe

CVE-2017-7303 [HIGH] CVE-2017-7303: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. Scope: local bookworm: resolved (fixed in 2.27.51.20161212-1)

CVE-2017-8397 [HIGH] CVE-2017-8397: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump

CVE-2017-9955 [MEDIUM] CVE-2017-9955: binutils - The get_build_id function in opncls.c in the Binary File Descriptor (BFD) librar... The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within

CVE-2017-12967 [MEDIUM] CVE-2017-12967: binutils - The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka... The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. Scope: local bookworm: resolved (fixed in 2.29-5) bullseye: resolved (fixed in 2.29-5) forky: resolve

CVE-2017-6966 [MEDIUM] CVE-2017-6966: binutils - readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free)... readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. Scope: local bookworm: resolved (fixed in 2.28-3) bullseye: resolved (fixed in 2.28-3) forky: resolved (fixed

CVE-2017-14974 [MEDIUM] CVE-2017-14974: binutils - The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library... The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

CVE-2017-9954 [MEDIUM] CVE-2017-9954: binutils - The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (a... The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. Scope: local bookworm: resolved (fixed in 2.29-1) b

CVE-2017-7299 [MEDIUM] CVE-2017-7299: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. Scope: l

CVE-2017-6965 [MEDIUM] CVE-2017-6965: binutils - readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrup... readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.28-3) bullseye: resolved (fixed in 2.28-3) forky: resolved (fixed in 2.28-3) sid: resolved (fixed in 2.28-3) trixie: resolved (fixed in 2.28-3)

CVE-2017-8421 [MEDIUM] CVE-2017-8421: binutils - The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BF... The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. Scope: local bookworm: resolved (fixed in 2.28

CVE-2017-13757 [MEDIUM] CVE-2017-13757: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in el

CVE-2017-7224 [MEDIUM] CVE-2017-7224: binutils - The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to ... The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. Scope: local bookworm: resolved (fixed in 2.27.51.20161201-1) bullseye: resolved (fixed in 2.27.51.20161201-1) forky: resolved (fixed in 2.27.51.20161201-1

CVE-2017-14529 [MEDIUM] CVE-2017-14529: binutils - The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) li... The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. Scope: local bookworm: