VulnerableCode Package Details - pkg:alpm/archlinux/binutils@2.31.1-4

Search for packages

Vulnerability	Summary	Fixed by
VCID-274n-scdf-aaaf Aliases: CVE-2018-20002	The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.	2.32-1 Affected by 0 other vulnerabilities.
VCID-jvnf-hs8k-aaan Aliases: CVE-2018-19931	An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.	2.32-1 Affected by 0 other vulnerabilities.
VCID-vwdp-5u8e-aaas Aliases: CVE-2018-20712	A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.	2.32-1 Affected by 0 other vulnerabilities.
VCID-zq98-1wmw-aaad Aliases: CVE-2018-19932	An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.	2.32-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-274n-scdf-aaaf
Aliases:
CVE-2018-20002

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.

2.32-1
Affected by 0 other vulnerabilities.

VCID-jvnf-hs8k-aaan
Aliases:
CVE-2018-19931

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

2.32-1
Affected by 0 other vulnerabilities.

VCID-vwdp-5u8e-aaas
Aliases:
CVE-2018-20712

A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

2.32-1
Affected by 0 other vulnerabilities.

VCID-zq98-1wmw-aaad
Aliases:
CVE-2018-19932

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.

2.32-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:00.277012+00:00	Arch Linux Importer	Affected by	VCID-jvnf-hs8k-aaan	https://security.archlinux.org/AVG-832	36.0.0
2025-03-28T07:46:00.256755+00:00	Arch Linux Importer	Affected by	VCID-zq98-1wmw-aaad	https://security.archlinux.org/AVG-832	36.0.0
2025-03-28T07:46:00.236312+00:00	Arch Linux Importer	Affected by	VCID-274n-scdf-aaaf	https://security.archlinux.org/AVG-832	36.0.0
2025-03-28T07:46:00.215703+00:00	Arch Linux Importer	Affected by	VCID-vwdp-5u8e-aaas	https://security.archlinux.org/AVG-832	36.0.0
2024-09-18T02:01:03.743409+00:00	Arch Linux Importer	Affected by	VCID-jvnf-hs8k-aaan	https://security.archlinux.org/AVG-832	34.0.1
2024-09-18T02:01:03.718351+00:00	Arch Linux Importer	Affected by	VCID-zq98-1wmw-aaad	https://security.archlinux.org/AVG-832	34.0.1
2024-09-18T02:01:03.695078+00:00	Arch Linux Importer	Affected by	VCID-274n-scdf-aaaf	https://security.archlinux.org/AVG-832	34.0.1
2024-09-18T02:01:03.669385+00:00	Arch Linux Importer	Affected by	VCID-vwdp-5u8e-aaas	https://security.archlinux.org/AVG-832	34.0.1
2024-01-31T12:09:57.002884+00:00	Arch Linux Importer	Affected by	VCID-jvnf-hs8k-aaan	https://security.archlinux.org/AVG-832	34.0.0rc2
2024-01-31T12:09:56.980807+00:00	Arch Linux Importer	Affected by	VCID-zq98-1wmw-aaad	https://security.archlinux.org/AVG-832	34.0.0rc2
2024-01-31T12:09:56.958977+00:00	Arch Linux Importer	Affected by	VCID-274n-scdf-aaaf	https://security.archlinux.org/AVG-832	34.0.0rc2
2024-01-31T12:09:56.935997+00:00	Arch Linux Importer	Affected by	VCID-vwdp-5u8e-aaas	https://security.archlinux.org/AVG-832	34.0.0rc2
2024-01-03T22:27:19.788099+00:00	Arch Linux Importer	Affected by	VCID-jvnf-hs8k-aaan	https://security.archlinux.org/AVG-832	34.0.0rc1
2024-01-03T22:27:19.766705+00:00	Arch Linux Importer	Affected by	VCID-zq98-1wmw-aaad	https://security.archlinux.org/AVG-832	34.0.0rc1
2024-01-03T22:27:19.744898+00:00	Arch Linux Importer	Affected by	VCID-274n-scdf-aaaf	https://security.archlinux.org/AVG-832	34.0.0rc1
2024-01-03T22:27:19.723833+00:00	Arch Linux Importer	Affected by	VCID-vwdp-5u8e-aaas	https://security.archlinux.org/AVG-832	34.0.0rc1

2025-03-28T07:46:00.277012+00:00

Arch Linux Importer

Affected by

Next non-vulnerable version	2.32-1
Latest non-vulnerable version	2.38-1
Risk	4.0