Debian Binutils vulnerabilities

285 known vulnerabilities affecting debian/binutils.

Total CVEs: 285
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 40, MEDIUM 23, LOW 219

Vulnerabilities

Page 13 of 15
CVE-2017-9742 | LOW | CVSS 7.8 | PoC | fixed in binutils 2.29-1 (bookworm) | 2017
[HIGH] CVE-2017-9742: binutils - The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Scope: local bookworm: resolved (fixed in 2.29-1) bullseye:
debian
CVE-2017-15225 | LOW | CVSS 5.5 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[MEDIUM] CVE-2017-15225: binutils - _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.29.90.20180122-1) forky: resolved (fixed in
debian
CVE-2017-15939 | LOW | CVSS 5.5 | 2017
[MEDIUM] CVE-2017-15939: binutils - dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix fo
debian
CVE-2017-14940 | LOW | CVSS 5.5 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[MEDIUM] CVE-2017-14940: binutils - scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: resolved (fixed in 2.29.90.20180122-1)
debian
CVE-2017-16832 | LOW | CVSS 7.8 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[HIGH] CVE-2017-16832: binutils - The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a craft
debian
CVE-2017-9744 | LOW | CVSS 7.8 | fixed in binutils 2.29-1 (bookworm) | 2017
[HIGH] CVE-2017-9744: binutils - The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "ob
debian
CVE-2017-16831 | LOW | CVSS 7.8 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[HIGH] CVE-2017-16831: binutils - coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
Scope: local bookworm: reso
debian
CVE-2017-9039 | LOW | CVSS 5.5 | fixed in binutils 2.28-6 (bookworm) | 2017
[MEDIUM] CVE-2017-9039: binutils - GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
Scope: local bookworm: resolved (fixed in 2.28-6) bullseye: resolved (fixed in 2.28-6) forky: resolved (fixed in 2.28-6) sid: resolved (fixed in 2.28-6) trixie: resolv
debian
CVE-2017-15938 | LOW | CVSS 7.5 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[HIGH] CVE-2017-15938: binutils - dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
Scope: local bookworm: resol
debian
CVE-2017-15022 | LOW | CVSS 5.5 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[MEDIUM] CVE-2017-15022: binutils - dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_co
debian
CVE-2017-14130 | LOW | CVSS 5.5 | fixed in binutils 2.29-9 (bookworm) | 2017
[MEDIUM] CVE-2017-14130: binutils - The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
Scope: local bookworm: resolved (fixed in 2.29-9) bullseye: resolv
debian
CVE-2017-16828 | LOW | CVSS 7.8 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[HIGH] CVE-2017-16828: binutils - The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
Scope: local bookworm: resolved (fixed in 2.29.90.20180122-1) bullseye: reso
debian
CVE-2017-9751 | LOW | CVSS 7.8 | fixed in binutils 2.29-1 (bookworm) | 2017
[HIGH] CVE-2017-9751: binutils - opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.
Scope: local bookworm: resolved (fixed in 2.29-1)
debian
CVE-2017-9747 | LOW | CVSS 7.8 | PoC | fixed in binutils 2.29-1 (bookworm) | 2017
[HIGH] CVE-2017-9747: binutils - The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" e
debian
CVE-2017-9754 | LOW | CVSS 7.8 | fixed in binutils 2.29-1 (bookworm) | 2017
[HIGH] CVE-2017-9754: binutils - The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandl
debian
CVE-2017-9038 | LOW | CVSS 5.5 | fixed in binutils 2.28-6 (bookworm) | 2017
[MEDIUM] CVE-2017-9038: binutils - GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
Scope: local bookworm: resolved (fixed in 2.2
debian
CVE-2017-15023 | LOW | CVSS 5.5 | fixed in binutils 2.29.90.20180122-1 (bookworm) | 2017
[MEDIUM] CVE-2017-15023: binutils - read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
Scope: local bookworm: resolve
debian
CVE-2017-7614 | LOW | CVSS 9.8 | fixed in binutils 2.28-4 (bookworm) | 2017
[CRITICAL] CVE-2017-7614: binutils - elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
Scope: local bookworm: re
debian
CVE-2017-14128 | LOW | CVSS 5.5 | fixed in binutils 2.29-9 (bookworm) | 2017
[MEDIUM] CVE-2017-14128: binutils - The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
Scope: local bookworm: resolved (fixed in 2.29-9) bullseye: resolved (fixed in 2.29-9)
debian
CVE-2017-9745 | LOW | CVSS 7.8 | fixed in binutils 2.29-1 (bookworm) | 2017
[HIGH] CVE-2017-9745: binutils - The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump
debian