Gnu Binutils vulnerabilities

CVE-2017-6969 [CRITICAL] CWE-125 CVE-2017-6969: readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

CVE-2017-6966 [MEDIUM] CWE-416 CVE-2017-6966: readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while process readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

CVE-2017-6965 [MEDIUM] CWE-119 CVE-2017-6965: readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files contai readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

CVE-2016-2226 [HIGH] CVE-2016-2226: Integer overflow in the string_appends function in cplus-dem Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

CVE-2016-4491 [MEDIUM] CVE-2016-4491: The d_print_comp function in cp-demangle The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

CVE-2016-4488 [MEDIUM] CVE-2016-4488: Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, re Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."

CVE-2016-4489 [MEDIUM] CVE-2016-4489: Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a cr Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."

CVE-2016-4487 [MEDIUM] CVE-2016-4487: Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, re Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

CVE-2016-4490 [MEDIUM] CVE-2016-4490: Integer overflow in cp-demangle Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.

CVE-2016-4493 [MEDIUM] CVE-2016-4493: The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

CVE-2016-4492 [MEDIUM] CVE-2016-4492: Buffer overflow in the do_type function in cplus-dem Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.

CVE-2016-6131 [HIGH] CVE-2016-6131: The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the refe The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

CVE-2014-8738 [MEDIUM] CWE-119 CVE-2014-8738: The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

CVE-2014-8485 [HIGH] CWE-94 CVE-2014-8485: The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attac The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.

CVE-2014-8504 [HIGH] CWE-119 CVE-2014-8504: Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

CVE-2014-8501 [HIGH] CWE-119 CVE-2014-8501: The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remo The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

CVE-2014-8503 [HIGH] CWE-119 CVE-2014-8503: Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

CVE-2014-8502 [HIGH] CWE-119 CVE-2014-8502: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

CVE-2014-8484 [MEDIUM] CWE-119 CVE-2014-8484: The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.

CVE-2014-8737 [LOW] CWE-22 CVE-2014-8737: Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to d Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.