Gnu Binutils vulnerabilities

CVE-2017-8395 [HIGH] CWE-476 CVE-2017-8395: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulne The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary prog

CVE-2017-8398 [HIGH] CWE-119 CVE-2017-8398: dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug info dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.

CVE-2017-8393 [HIGH] CWE-125 CVE-2017-8393: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulne The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis

CVE-2017-8397 [HIGH] CWE-119 CVE-2017-8397: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulne The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, s

CVE-2017-8392 [HIGH] CWE-476 CVE-2017-8392: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulne The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, suc

CVE-2017-7614 [CRITICAL] CWE-476 CVE-2017-7614: elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2 elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.

CVE-2017-7303 [HIGH] CWE-125 CVE-2017-7303: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulne The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.

CVE-2017-7302 [HIGH] CWE-125 CVE-2017-7302: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a sw The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash.

CVE-2017-7301 [HIGH] CWE-20 CVE-2017-7301: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an a The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.

CVE-2017-7300 [HIGH] CWE-125 CVE-2017-7300: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an a The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.

CVE-2017-7304 [HIGH] CWE-125 CVE-2017-7304: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulne The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.

CVE-2017-7299 [MEDIUM] CWE-125 CVE-2017-7299: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an i The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program c

CVE-2017-7226 [CRITICAL] CWE-125 CVE-2017-7226: The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distribute The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to informat

CVE-2017-7225 [HIGH] CWE-476 CVE-2017-7225: The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

CVE-2017-7223 [HIGH] CWE-119 CVE-2017-7223: GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attem GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

CVE-2017-7227 [HIGH] CWE-119 CVE-2017-7227: GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

CVE-2017-7224 [MEDIUM] CWE-787 CVE-2017-7224: The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

CVE-2014-9939 [CRITICAL] CWE-119 CVE-2014-9939: ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

CVE-2017-7210 [MEDIUM] CWE-119 CVE-2017-7210: objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and s objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

CVE-2017-7209 [MEDIUM] CWE-476 CVE-2017-7209: The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while rea The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.