Gnu Binutils vulnerabilities

CVE-2019-9072 [MEDIUM] CWE-770 CVE-2019-9072: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.

CVE-2017-7299 [MEDIUM] CWE-125 CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an i The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program c

CVE-2019-1010204 [MEDIUM] CWE-125 CVE-2019-1010204: GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Valid GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.

CVE-2020-16592 [MEDIUM] CWE-416 CVE-2020-16592: A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binuti A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVE-2020-16590 [MEDIUM] CWE-415 CVE-2020-16590: A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.

CVE-2024-57360 [MEDIUM] binutils vulnerabilities binutils vulnerabilities It was discovered that GNU binutils in nm tool is affected by an incorrect access control. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2024-57360) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2025-0840)

CVE-2025-69645 [MEDIUM] CWE-400 CVE-2025-69645: Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with ma Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A lo

CVE-2017-14940 [MEDIUM] CWE-476 CVE-2017-14940: scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distr scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

CVE-2018-20002 [MEDIUM] CWE-772 CVE-2018-20002: The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (ak The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

CVE-2017-17123 [MEDIUM] CWE-476 CVE-2017-17123: The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka l The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.

CVE-2017-14130 [MEDIUM] CWE-125 CVE-2017-14130: The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (a The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.

CVE-2017-14129 [MEDIUM] CWE-125 CVE-2017-14129: The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as d The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.

CVE-2017-14128 [MEDIUM] CWE-125 CVE-2017-14128: The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.

CVE-2018-7570 [MEDIUM] CWE-476 CVE-2018-7570: The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated b

CVE-2017-17080 [MEDIUM] CWE-125 CVE-2017-17080: elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29. elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbs

CVE-2017-7210 [MEDIUM] CWE-119 CVE-2017-7210: objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and s objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

CVE-2019-9073 [MEDIUM] CWE-770 CVE-2019-9073: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.

CVE-2018-7569 [MEDIUM] CWE-190 CVE-2018-7569: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

CVE-2017-14938 [MEDIUM] CWE-770 CVE-2017-14938: _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

CVE-2018-7568 [MEDIUM] CWE-190 CVE-2018-7568: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.