CVE & Exploit Intelligence Database

CVE-2017-7301 7.5 HIGH EPSS 0.00

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.

CWE-20 Mar 29, 2017

CVE-2017-7300 7.5 HIGH EPSS 0.00

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash.

CWE-125 Mar 29, 2017

CVE-2017-7299 5.5 MEDIUM EPSS 0.00

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash.

CWE-125 Mar 29, 2017

CVE-2017-7227 7.5 HIGH EPSS 0.00

GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.

CWE-119 Mar 22, 2017

CVE-2017-7226 9.1 CRITICAL EPSS 0.00

The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.

CWE-125 Mar 22, 2017

CVE-2017-7225 7.5 HIGH EPSS 0.00

The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.

CWE-476 Mar 22, 2017

CVE-2017-7224 5.5 MEDIUM EPSS 0.00

The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.

CWE-787 Mar 22, 2017

CVE-2017-7223 7.5 HIGH EPSS 0.00

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.

CWE-119 Mar 22, 2017

CVE-2017-7210 5.5 MEDIUM EPSS 0.00

objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.

CWE-119 Mar 21, 2017

CVE-2017-7209 5.5 MEDIUM EPSS 0.00

The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.

CWE-476 Mar 21, 2017

CVE-2014-9939 9.8 CRITICAL EPSS 0.00

ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.

CWE-119 Mar 21, 2017

CVE-2017-6969 9.1 CRITICAL EPSS 0.00

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well.

CWE-125 Mar 17, 2017

CVE-2017-6966 5.5 MEDIUM EPSS 0.00

readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.

CWE-416 Mar 17, 2017

CVE-2017-6965 5.5 MEDIUM EPSS 0.00

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.

CWE-119 Mar 17, 2017

CVE-2014-8738 EPSS 0.06

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.

CWE-119 Jan 15, 2015

CVE-2014-8737 EPSS 0.00

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

CWE-22 Dec 09, 2014

CVE-2014-8504 EPSS 0.06

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

CWE-119 Dec 09, 2014

CVE-2014-8503 EPSS 0.13

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

CWE-119 Dec 09, 2014

CVE-2014-8502 EPSS 0.11

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

CWE-119 Dec 09, 2014

CVE-2014-8501 EPSS 0.08

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

CWE-119 Dec 09, 2014