Debian Binutils vulnerabilities

CVE-2017-9756 [HIGH] CVE-2017-9756: binutils - The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2... The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Scope: local bookworm: resolved (fixed in 2.29-1

CVE-2017-14938 [MEDIUM] CVE-2017-14938: binutils - _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) libra... _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.29.90.201

CVE-2017-9040 [MEDIUM] CVE-2017-9040: binutils - GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NU... GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. Scope: local bookworm: resolved (fixed in 2.29-1) bullseye: resolved (fixed in 2.29-1) forky: resolved (fixe

CVE-2017-9748 [HIGH] CVE-2017-9748: binutils - The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) lib... The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" ex

CVE-2017-16826 [HIGH] CVE-2017-16826: binutils - The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (... The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. Scope: local bookworm: resolved (fixed in 2.29.90.2018012

CVE-2017-15025 [MEDIUM] CVE-2017-15025: binutils - decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka li... decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.29.90.20180122-1) forky: r

CVE-2017-14932 [MEDIUM] CVE-2017-14932: binutils - decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka li... decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.29.90.20180122-1) forky: resolved (fixed in 2.29.90.201

CVE-2017-16827 [HIGH] CVE-2017-16827: binutils - The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor ... The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. Scope: local bookworm: resolved (fixed in 2.29.90.2

CVE-2017-9043 [HIGH] CVE-2017-9043: binutils - readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type un... readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. Scope: local bookworm: resolved (fixed in 2.29-1) bullseye: resolved (fixed in 2.29-1) forky: resolved (fixed in 2.29-1

CVE-2017-9746 [HIGH] CVE-2017-9746: binutils - The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote a... The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during "objdump -D" execution. Scope: local bookworm: resolved (fixed in 2.

CVE-2017-17126 [HIGH] CVE-2017-17126: binutils - The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remot... The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.29.90.20180122-1) for

CVE-2017-17122 [HIGH] CVE-2017-17122: binutils - The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not... The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. Scope: local bookworm: resolved (fixed

CVE-2017-13716 [MEDIUM] CVE-2017-13716: binutils - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in ... The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). Scope: local bookworm: open bullseye: open forky: open

CVE-2017-7210 [MEDIUM] CVE-2017-7210: binutils - objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-re... objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. Scope: local bookworm: resolved (fixed in 2.28-3) bullseye: resolved (fixed in 2.28-3) forky: resolved (fixed in 2.28-3) sid: resolved (fixed in 2.28-3) trixie:

CVE-2017-14934 [MEDIUM] CVE-2017-14934: binutils - process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka l... process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.

CVE-2017-9752 [HIGH] CVE-2017-9752: binutils - bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as dis... bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir fu

CVE-2017-8392 [HIGH] CVE-2017-8392: binutils - The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Bin... The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump,

CVE-2017-17080 [MEDIUM] CVE-2017-17080: binutils - elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed i... elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, an

CVE-2017-9042 [HIGH] CVE-2017-9042: binutils - readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" ... readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. Scope: local bookworm: resolved (fixed in 2.29-1) bullseye: resolved (fixed in 2.29-1) forky: resolved (fixed in 2.29-1) sid: resolv

CVE-2017-9750 [HIGH] CVE-2017-9750: binutils - opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale... opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. Scope: local bookworm: resolved (fixe