Gnu Binutils vulnerabilities
270 known vulnerabilities affecting gnu/binutils.
Total CVEs: 270
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 108, MEDIUM 142, LOW 15
Vulnerabilities
Page 3 of 14
CVE-2025-1148 | LOW | CVSS 2.3 | v2.43 | 2025-02-10
[LOW] CWE-401
A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit h
Sources: cvelistv5, nvd

CVE-2025-1153 | LOW | CVSS 2.3 | v2.43, v2.44 | 2025-02-10
[LOW] CWE-119
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45
Sources: cvelistv5, nvd

CVE-2025-1149 | LOW | CVSS 2.3 | v2.43 | 2025-02-10
[LOW] CWE-401
A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The expl
Sources: cvelistv5, nvd

CVE-2025-1151 | LOW | CVSS 2.3 | v2.43 | 2025-02-10
[LOW] CWE-401
A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclo
Sources: cvelistv5, nvd

CVE-2025-1150 | LOW | CVSS 2.3 | v2.43 | 2025-02-10
[LOW] CWE-401
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has
Sources: cvelistv5, nvd

CVE-2025-0840 | MEDIUM | CVSS 6.3 | fixed in 2.44 | v2.0 +43 more | 2025-01-29
[MEDIUM] CWE-119
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability
Sources: cvelistv5, nvd

CVE-2023-25584 | HIGH | CVSS 7.1 | fixed in 2.40 | 2023-09-14
[MEDIUM] CWE-125
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Source: nvd

CVE-2023-25588 | MEDIUM | CVSS 5.5 | v2.40 | 2023-09-14
[MEDIUM] CWE-457
A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Source: nvd

CVE-2023-25586 | MEDIUM | CVSS 5.5 | v2.40 | 2023-09-14
[MEDIUM] CWE-457
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Source: nvd

CVE-2023-25585 | MEDIUM | CVSS 5.5 | v2.40 | 2023-09-14
[MEDIUM] CWE-457
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Source: nvd

CVE-2022-44840 | HIGH | CVSS 7.8 | fixed in 2.40 | 2023-08-22
[HIGH] CWE-787
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
Source: nvd

CVE-2021-46174 | HIGH | CVSS 7.5 | fixed in 2.38 | 2023-08-22
[HIGH] CWE-787
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
Source: nvd

CVE-2022-47695 | HIGH | CVSS 7.8 | fixed in 2.39.3 | 2023-08-22
[HIGH] CWE-400
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.
Source: nvd

CVE-2022-47673 | HIGH | CVSS 7.8 | fixed in 2.39.3 | 2023-08-22
[HIGH] CWE-125
An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Source: nvd

CVE-2022-45703 | HIGH | CVSS 7.8 | fixed in 2.40 | 2023-08-22
[HIGH] CWE-787
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.
Source: nvd

CVE-2020-19726 | HIGH | CVSS 8.8 | v2.36 | 2023-08-22
[HIGH] CWE-400
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
Source: nvd

CVE-2022-47696 | HIGH | CVSS 7.8 | fixed in 2.39.3 | 2023-08-22
[HIGH] CWE-400
An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
Source: nvd

CVE-2020-35342 | HIGH | CVSS 7.5 | fixed in 2.34 | 2023-08-22
[HIGH] CWE-665
GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.
Source: nvd

CVE-2022-47011 | MEDIUM | CVSS 5.5 | ≥ 2.34, ≤ 2.38 | 2023-08-22
[MEDIUM] CWE-401
An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.
Source: nvd

CVE-2022-35206 | MEDIUM | CVSS 5.5 | v2.38.50 | 2023-08-22
[MEDIUM] CWE-476
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.
Source: nvd