Debian Binutils vulnerabilities
285 known vulnerabilities affecting debian/binutils.
Total CVEs: 285
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 40, MEDIUM 23, LOW 219
Vulnerabilities
Page 9 of 15
CVE-2017-12457 [HIGH] CVSS 7.8 | fixed in binutils 2.29-8 (bookworm) | 2017
The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.29-8)
bullseye: resolved (fixed in 2.29-8)
forky: resolved (fixed in 2.29-8)
sid: resolved
debian
CVE-2017-12456 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
forky: resolved (fixed in 2.29-9)
sid: resolved (fixed in 2.29-9)
trixie: resolved (fixed in 2.29-9)
debian
CVE-2017-12452 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
forky: resolv
debian
CVE-2017-8396 [HIGH] CVSS 7.5 | fixed in binutils 2.28-5 (bookworm) | 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as
debian
CVE-2017-12449 [HIGH] CVSS 7.8 | fixed in binutils 2.29-8 (bookworm) | 2017
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
Scope: local
bookworm: resolved (fixed in 2.29-8)
bullseye: resolved (fixed in 2.29-8)
forky: resolved (fixed in 2.29-8)
s
debian
CVE-2017-7227 [HIGH] CVSS 7.5 | fixed in binutils 2.27.51.20161212-1 (bookworm) | 2017
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
Scope: local
bookworm: resolved (fixed in 2.27.51.20161212-1)
bullseye: resolved (fixed in 2.27.51.20161212-1)
forky: resolved (fixed in 2.27.51.20161
debian
CVE-2017-12450 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.2
debian
CVE-2017-7301 [HIGH] CVSS 7.5 | fixed in binutils 2.27.51.20161212-1 (bookworm) | 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
Scope: local
bookworm: resolved (fixed in 2.27.51.20161212-1)
bulls
debian
CVE-2017-14745 [HIGH] CVSS 7.8 | fixed in binutils 2.29-11 (bookworm) | 2017
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, rel
debian
CVE-2017-12455 [HIGH] CVSS 7.8 | fixed in binutils 2.29-8 (bookworm) | 2017
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
Scope: local
bookworm: resolved (fixed in 2.29-8)
bullseye: resolved (fixed in 2.29-8)
forky: resolved (fixed in 2.29-8)
si
debian
CVE-2017-12459 [HIGH] CVSS 7.8 | fixed in binutils 2.29-8 (bookworm) | 2017
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
Scope: local
bookworm: resolved (fixed in 2.29-8)
bullseye: resolved (fixed i
debian
CVE-2017-7304 [HIGH] CVSS 7.5 | fixed in binutils 2.27.51.20161212-1 (bookworm) | 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because the copy_special_section_fields function does not check for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.
Scope: local
bookworm: resolved
debian
CVE-2017-8398 [HIGH] CVSS 7.5 | fixed in binutils 2.28-5 (bookworm) | 2017
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.
Scope: local
bookworm: resolved (fixed in 2.28-5)
bullseye: resolved (fixed in 2.28-5)
forky: resolved (fixed in 2.28-5
debian
CVE-2017-13710 [HIGH] CVSS 7.5 | fixed in binutils 2.29-9 (bookworm) | 2017
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
forky: res
debian
CVE-2017-12454 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
forky: resolved (fixed in 2.29-9)
debian
CVE-2017-8393 [HIGH] CVSS 7.5 | fixed in binutils 2.28-5 (bookworm) | 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHT_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary prog
debian
CVE-2017-12458 [HIGH] CVSS 7.8 | fixed in binutils 2.29-8 (bookworm) | 2017
The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.
Scope: local
bookworm: resolved (fixed in 2.29-8)
bullseye: resolved (fixed in 2.29-8)
forky: resolved (fixed in 2.2
debian
CVE-2017-12799 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
forky: resolved (fixed in 2.29-9)
sid: resolved (fixed in
debian
CVE-2017-12453 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
forky: resolved (fixed in 2.29-9)
sid:
debian
CVE-2017-12451 [HIGH] CVSS 7.8 | fixed in binutils 2.29-9 (bookworm) | 2017
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
Scope: local
bookworm: resolved (fixed in 2.29-9)
bullseye: resolved (fixed in 2.29-9)
debian