Search for packages
| purl | pkg:deb/ubuntu/binutils@2.33-1ubuntu1 |
| Next non-vulnerable version | 2.34-6ubuntu1.3 |
| Latest non-vulnerable version | 2.34-6ubuntu1.3 |
| Risk | 3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4mae-qgmv-aaad
Aliases: CVE-2020-35495 |
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. |
Affected by 3 other vulnerabilities. |
|
VCID-4tq8-y4xu-aaaa
Aliases: CVE-2019-9077 |
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-565w-hvaz-aaag
Aliases: CVE-2018-20673 |
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. |
Affected by 2 other vulnerabilities. |
|
VCID-7ygr-zrh3-aaaa
Aliases: CVE-2019-17451 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. |
Affected by 8 other vulnerabilities. |
|
VCID-ajtg-21ay-aaaf
Aliases: CVE-2019-12972 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. |
Affected by 18 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-bfsy-f2jh-aaak
Aliases: CVE-2018-18483 |
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. |
Affected by 18 other vulnerabilities. |
|
VCID-bgmy-98q8-aaag
Aliases: CVE-2019-9073 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-bnd7-s557-aaam
Aliases: CVE-2020-35496 |
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. |
Affected by 3 other vulnerabilities. |
|
VCID-eb7h-p6z2-aaan
Aliases: CVE-2020-16592 |
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. |
Affected by 0 other vulnerabilities. |
|
VCID-es2p-cft9-aaas
Aliases: CVE-2018-12934 |
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. |
Affected by 18 other vulnerabilities. |
|
VCID-jbjk-zb77-aaae
Aliases: CVE-2019-17450 |
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. |
Affected by 8 other vulnerabilities. |
|
VCID-m8xj-qm2u-aaaa
Aliases: CVE-2019-9070 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-nnxe-6dsq-aaaa
Aliases: CVE-2020-35494 |
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. |
Affected by 3 other vulnerabilities. |
|
VCID-prnn-s8nt-aaae
Aliases: CVE-2020-35493 |
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. |
Affected by 3 other vulnerabilities. |
|
VCID-r4yx-jctz-aaan
Aliases: CVE-2021-3487 |
Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sourceware.org/cgit/binutils-gdb/tree/binutils/SECURITY.txt |
Affected by 0 other vulnerabilities. |
|
VCID-s4d8-14c6-aaag
Aliases: CVE-2019-14250 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-sd2q-hjup-aaab
Aliases: CVE-2019-14444 |
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-trht-5tms-aaaa
Aliases: CVE-2019-9071 |
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-ubwa-zknb-aaar
Aliases: CVE-2019-9074 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-ujyd-g3vb-aaad
Aliases: CVE-2020-35507 |
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. |
Affected by 3 other vulnerabilities. |
|
VCID-wx4y-fzsp-aaaq
Aliases: CVE-2019-9075 |
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. |
Affected by 13 other vulnerabilities. Affected by 8 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|