binutils (SUSE:OpenStack Cloud 7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 7 package binutils, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (69)
CVE-2014-9939 — CVSS 9.8 (critical): ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
CVE-2017-6969 — CVSS 9.1 (critical): readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can…
CVE-2017-7226 — CVSS 9.1 (critical): The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable…
CVE-2017-16827 — CVSS 7.8 (high): The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
CVE-2017-16828 — CVSS 7.8 (high): The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow…
CVE-2017-16829 — CVSS 7.8 (high): The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in…
CVE-2017-16831 — CVSS 7.8 (high): coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol…
CVE-2017-16832 — CVSS 7.8 (high): The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
CVE-2017-16830 — CVSS 7.8 (high): The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms…
CVE-2017-15996 — CVSS 7.8 (high): elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly…
CVE-2017-16826 — CVSS 7.8 (high): The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
CVE-2017-9746 — CVSS 7.8 (high): The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and…
CVE-2017-9747 — CVSS 7.8 (high): The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28…
CVE-2017-9748 — CVSS 7.8 (high): The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28…
CVE-2017-9750 — CVSS 7.8 (high): opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of…
CVE-2017-9755 — CVSS 7.8 (high): opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a…
CVE-2017-9756 — CVSS 7.8 (high): The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service…
CVE-2018-1000876 — CVSS 7.8 (high): binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_d…
CVE-2018-18483 — CVSS 7.8 (high): The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of…
CVE-2018-19931 — CVSS 7.8 (high): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a…
CVE-2018-6323 — CVSS 7.8 (high): The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has…
CVE-2018-6543 — CVSS 7.8 (high): In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()`…
CVE-2018-7208 — CVSS 7.8 (high): In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
CVE-2018-7643 — CVSS 7.8 (high): The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow…
CVE-2019-1010180 — CVSS 7.8 (high): GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and…
CVE-2017-7303 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4)…
CVE-2017-8394 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due…
CVE-2017-7304 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8)…
CVE-2017-8396 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1…
CVE-2017-7223 — CVSS 7.5 (high): GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from…
CVE-2017-8392 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8…
CVE-2017-7225 — CVSS 7.5 (high): The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name…
CVE-2017-15938 — CVSS 7.5 (high): dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die…
CVE-2017-8393 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read…
CVE-2017-7300 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in…
CVE-2017-7301 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in…
CVE-2017-7302 — CVSS 7.5 (high): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in…
CVE-2018-10373 — CVSS 6.5 (medium): concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote…
CVE-2018-17359 — CVSS 5.5 (medium): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory…
CVE-2018-17360 — CVSS 5.5 (medium): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer…
CVE-2018-17985 — CVSS 5.5 (medium): An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused…
CVE-2018-18309 — CVSS 5.5 (medium): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory…
CVE-2018-7568 — CVSS 5.5 (medium): The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows…
CVE-2018-18484 — CVSS 5.5 (medium): An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++…
CVE-2018-18605 — CVSS 5.5 (medium): A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD)…
CVE-2018-18606 — CVSS 5.5 (medium): An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed…
CVE-2018-18607 — CVSS 5.5 (medium): An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU…
CVE-2018-19932 — CVSS 5.5 (medium): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an…
CVE-2018-20623 — CVSS 5.5 (medium): In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in…
CVE-2017-6965 — CVSS 5.5 (medium): readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations…
CVE-2017-6966 — CVSS 5.5 (medium): readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an…
CVE-2017-15939 — CVSS 5.5 (medium): dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a…
CVE-2017-7209 — CVSS 5.5 (medium): The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt…
CVE-2017-7210 — CVSS 5.5 (medium): objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS…
CVE-2017-7224 — CVSS 5.5 (medium): The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt…
CVE-2017-7299 — CVSS 5.5 (medium): The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the…
CVE-2018-7569 — CVSS 5.5 (medium): dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a…
CVE-2017-8421 — CVSS 5.5 (medium): The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
CVE-2018-20651 — CVSS 5.5 (medium): A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka…
CVE-2018-20671 — CVSS 5.5 (medium): load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a…
CVE-2018-7570 — CVSS 5.5 (medium): The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed…
CVE-2018-7642 — CVSS 5.5 (medium): The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30…
CVE-2018-6759 — CVSS 5.5 (medium): The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils…
CVE-2018-6872 — CVSS 5.5 (medium): The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows…
CVE-2018-8945 — CVSS 5.5 (medium): The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30…
CVE-2018-10372 — CVSS 5.5 (medium): process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and…
CVE-2018-10534 — CVSS 5.5 (medium): The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as…
CVE-2018-10535 — CVSS 5.5 (medium): The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30…
CVE-2018-17358 — CVSS 5.5 (medium): An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory…