Gnu Binutils vulnerabilities

CVE-2017-14930 [MEDIUM] CWE-772 CVE-2017-14930: Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd) Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

CVE-2017-15225 [MEDIUM] CWE-772 CVE-2017-15225: _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

CVE-2017-13716 [MEDIUM] CWE-770 CVE-2017-13716: The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, a The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

CVE-2018-17358 [MEDIUM] CWE-119 CVE-2018-17358: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

CVE-2017-7224 [MEDIUM] CWE-787 CVE-2017-7224: The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

CVE-2018-9138 [MEDIUM] CWE-674 CVE-2018-9138: An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.3 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

CVE-2017-9955 [MEDIUM] CWE-125 CVE-2017-9955: The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as d The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mish

CVE-2017-14974 [MEDIUM] CWE-476 CVE-2017-14974: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as di The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and e

CVE-2017-8421 [MEDIUM] CWE-772 CVE-2017-8421: The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libb The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.

CVE-2021-46195 [MEDIUM] CVE-2021-46195: GCC v12 GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

CVE-2022-48065 [MEDIUM] CWE-401 CVE-2022-48065: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

CVE-2022-4285 [MEDIUM] CVE-2022-4285: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corr An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.

CVE-2022-38533 [MEDIUM] CWE-787 CVE-2022-38533: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when c In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

CVE-2022-35206 [MEDIUM] CWE-476 CVE-2022-35206: Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_att Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.

CVE-2025-69644 [MEDIUM] CWE-400 CVE-2025-69644: An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerabil An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects v

CVE-2014-8737 [LOW] CWE-22 CVE-2014-8737: Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to d Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

CVE-2017-15025 [MEDIUM] CWE-369 CVE-2017-15025: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribute decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.

CVE-2017-15024 [MEDIUM] CWE-835 CVE-2017-15024: find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

CVE-2017-14932 [MEDIUM] CWE-835 CVE-2017-14932: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribute decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

CVE-2017-14933 [MEDIUM] CWE-835 CVE-2017-14933: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.