CVE-2017-7301
- EPSS 2.4%
- Veröffentlicht 29.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerabi...
CVE-2017-7302
- EPSS 2.38%
- Veröffentlicht 29.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be reco...
CVE-2017-7303
- EPSS 2.22%
- Veröffentlicht 29.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vul...
CVE-2017-7304
- EPSS 2.1%
- Veröffentlicht 29.03.2017 15:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before atte...
CVE-2017-7223
- EPSS 1.96%
- Veröffentlicht 22.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
CVE-2017-7224
- EPSS 1.11%
- Veröffentlicht 22.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
CVE-2017-7225
- EPSS 2.45%
- Veröffentlicht 22.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
CVE-2017-7226
- EPSS 2.46%
- Veröffentlicht 22.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to...
CVE-2017-7227
- EPSS 2.5%
- Veröffentlicht 22.03.2017 16:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
CVE-2014-9939
- EPSS 2.28%
- Veröffentlicht 21.03.2017 06:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.