Elfutils Project Elfutils — known CVE vulnerabilities
Every CVE whose affected-product data names Elfutils Project Elfutils, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2018-16402 — CVSS 9.8 (critical): libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly…
CVE-2018-8769 — CVSS 7.8 (high): elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is…
CVE-2014-0172 — CVSS 6.8 (medium): Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through…
CVE-2018-18520 — CVSS 6.5 (medium): An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to…
CVE-2019-7149 — CVSS 6.5 (medium): A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted…
CVE-2019-7148 — CVSS 6.5 (medium): An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote…
CVE-2014-9447 — CVSS 6.4 (medium): Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers…
CVE-2017-7611 — CVSS 5.5 (medium): The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2017-7612 — CVSS 5.5 (medium): The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2017-7613 — CVSS 5.5 (medium): elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a…
CVE-2018-16062 — CVSS 5.5 (medium): dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service…
CVE-2018-16403 — CVSS 5.5 (medium): libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in…
CVE-2018-18310 — CVSS 5.5 (medium): An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The…
CVE-2019-7146 — CVSS 5.5 (medium): In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage…
CVE-2019-7150 — CVSS 5.5 (medium): An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to…
CVE-2019-7664 — CVSS 5.5 (medium): In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check…
CVE-2019-7665 — CVSS 5.5 (medium): In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF…
CVE-2020-21047 — CVSS 5.5 (medium): The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused…
CVE-2021-33294 — CVSS 5.5 (medium): In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of…
CVE-2018-18521 — CVSS 5.5 (medium): Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of…
CVE-2016-10254 — CVSS 5.5 (medium): The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted…
CVE-2016-10255 — CVSS 5.5 (medium): The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service…
CVE-2017-7607 — CVSS 5.5 (medium): The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2017-7608 — CVSS 5.5 (medium): The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service…
CVE-2017-7609 — CVSS 5.5 (medium): elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service…
CVE-2017-7610 — CVSS 5.5 (medium): The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read…
CVE-2025-1372 — CVSS 5.3 (medium): A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function…
CVE-2025-1365 — CVSS 5.3 (medium): A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file…
CVE-2025-1352 — CVSS 5.0 (medium): A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function…
CVE-2024-25260 — CVSS 4.0 (medium): elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
CVE-2025-1371 — CVSS 3.3 (low): A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function…
CVE-2025-1377 — CVSS 3.3 (low): A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function…
CVE-2025-1376 — CVSS 2.5 (low): A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the…