Gnu Binutils vulnerabilities

CVE-2018-17359 [MEDIUM] CWE-119 CVE-2018-17359: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.

CVE-2017-7209 [MEDIUM] CWE-476 CVE-2017-7209: The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while rea The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

CVE-2020-16593 [MEDIUM] CWE-476 CVE-2020-16593: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka lib A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

CVE-2020-16599 [MEDIUM] CWE-476 CVE-2020-16599: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka lib A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

CVE-2017-6966 [MEDIUM] CWE-416 CVE-2017-6966: readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while process readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

CVE-2020-16591 [MEDIUM] CWE-125 CVE-2020-16591: A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 du A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

CVE-2023-25585 [MEDIUM] CWE-457 CVE-2023-25585: A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lea A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.

CVE-2023-25586 [MEDIUM] CWE-457 CVE-2023-25586: A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may le A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

CVE-2020-19724 [MEDIUM] CWE-401 CVE-2020-19724: A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attack A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.

CVE-2017-14934 [MEDIUM] CWE-131 CVE-2017-14934: process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distribut process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

CVE-2022-47011 [MEDIUM] CWE-401 CVE-2022-47011: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, all An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-47008 [MEDIUM] CWE-401 CVE-2022-47008: An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2 An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-47007 [MEDIUM] CWE-401 CVE-2022-47007: An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2022-47010 [MEDIUM] CWE-401 CVE-2022-47010: An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows atta An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

CVE-2020-21490 [MEDIUM] CWE-401 CVE-2020-21490: An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. Thi An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.

CVE-2022-35205 [MEDIUM] CWE-617 CVE-2022-35205: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.

CVE-2023-25588 [MEDIUM] CWE-457 CVE-2023-25588: A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_ma A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.

CVE-2025-1152 [LOW] CWE-401 CVE-2025-1152: A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the funct A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclos

CVE-2020-35448 [LOW] CWE-125 CVE-2020-35448: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

CVE-2025-1180 [LOW] CWE-119 CVE-2025-1180: A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the func A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to