CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,867 CVEs tracked | 53,243 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,925 Nuclei templates | 37,802 vendors | 42,500 researchers
266 results
CVE-2020-35494 6.1 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - Use of Uninitialized Resource
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
CWE-908 Jan 04, 2021
CVE-2020-35493 5.5 MEDIUM EPSS 0.00
GNU Binutils < 2.34 - Improper Input Validation
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
CWE-20 Jan 04, 2021
CVE-2020-35448 3.3 LOW EPSS 0.00
GNU Binutils - Out-of-Bounds Read
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CWE-125 Dec 27, 2020
CVE-2020-16599 5.5 MEDIUM EPSS 0.00
GNU Binutils - NULL Pointer Dereference
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CWE-476 Dec 09, 2020
CVE-2020-16593 5.5 MEDIUM EPSS 0.00
GNU Binutils - NULL Pointer Dereference
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
CWE-476 Dec 09, 2020
CVE-2020-16592 5.5 MEDIUM EPSS 0.00
GNU Binutils - Use After Free
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
CWE-416 Dec 09, 2020
CVE-2020-16591 5.5 MEDIUM EPSS 0.00
GNU Binutils - Out-of-Bounds Read
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf.
CWE-125 Dec 09, 2020
CVE-2020-16590 5.5 MEDIUM EPSS 0.00
GNU Binutils - Double Free
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils 2.35 in process_symbol_table, as demonstrated in readelf, via a crafted file.
CWE-415 Dec 09, 2020
CVE-2019-17451 6.5 MEDIUM EPSS 0.01
GNU Binutils - Integer Overflow
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.
CWE-190 Oct 10, 2019
CVE-2019-17450 6.5 MEDIUM EPSS 0.01
GNU Binutils - Denial of Service
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CWE-674 Oct 10, 2019
CVE-2019-14444 5.5 MEDIUM EPSS 0.00
GNU Binutils <2.32 - Memory Corruption
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CWE-190 Jul 30, 2019
CVE-2019-14250 5.5 MEDIUM EPSS 0.00
GNU libiberty - Buffer Overflow
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CWE-190 Jul 24, 2019
CVE-2019-1010204 5.5 MEDIUM EPSS 0.00
GNU binutils gold <1.17 - DoS
GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
CWE-681 Jul 23, 2019
CVE-2019-12972 5.5 MEDIUM EPSS 0.01
GNU Binutils - Out-of-Bounds Read
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CWE-125 Jun 26, 2019
CVE-2019-9077 7.8 HIGH EPSS 0.00
GNU Binutils < 5.1.0 - Out-of-Bounds Write
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
CWE-787 Feb 24, 2019
CVE-2019-9076 5.5 MEDIUM EPSS 0.00
GNU Binutils - Resource Allocation Without Limits
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
CWE-770 Feb 24, 2019
CVE-2019-9075 7.8 HIGH EPSS 0.00
GNU Binutils - Out-of-Bounds Write
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
CWE-787 Feb 24, 2019
CVE-2019-9074 5.5 MEDIUM EPSS 0.00
GNU Binutils - Out-of-Bounds Read
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
CWE-125 Feb 24, 2019
CVE-2019-9073 5.5 MEDIUM EPSS 0.00
GNU Binutils - Resource Allocation Without Limits
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
CWE-770 Feb 24, 2019
CVE-2019-9072 5.5 MEDIUM EPSS 0.00
GNU Binutils - Resource Allocation Without Limits
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c.
CWE-770 Feb 24, 2019