
CVE-2025-5245 – GNU Binutils objdump debug.c debug_type_samep memory corruption
https://notcve.org/view.php?id=CVE-2025-5245
27 May 2025 — A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-5244 – GNU Binutils ld elflink.c elf_gc_sweep memory corruption
https://notcve.org/view.php?id=CVE-2025-5244
27 May 2025 — A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. • https://sourceware.org/bugzilla/attachment.cgi?id=16010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2018-20657 – libiberty: Memory leak in demangle_template function resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20657
02 Jan 2019 — The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. La función demangle_template en cplus-dem.c en GNU libiberty, como se distribuyó en la versión 2.31.1, tiene una fuga de memoria mediante una cadena manipulada, provocando una denegación de servicio (consumo de memoria), tal y como queda demostrado con ... • http://www.securityfocus.com/bid/106444 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-12698 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-12698
23 Jun 2018 — demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. demangle_template en cplus-dem.c en GNU libiberty, tal y como se distribuye en GNU Binutils 2.30, permite que los atacantes desencadenen un consumo de memoria excesivo (también conocido como OOM) durante la llamada XNEWVEC "Create... • http://www.securityfocus.com/bid/104539 •

CVE-2017-13716
https://notcve.org/view.php?id=CVE-2017-13716
28 Aug 2017 — The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). La rutina C++ symbol demangler en cplus-dem.c en libiberty, tal y como se distribuye en GNU Binutils 2.29, permite que atacantes remotos provoquen una denegación de servicio (asignación de memoria exces... • https://sourceware.org/bugzilla/show_bug.cgi?id=22009 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2014-9939 – Ubuntu Security Notice USN-3367-1
https://notcve.org/view.php?id=CVE-2014-9939
21 Mar 2017 — ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. ihex.c en GNU Binutils en versiones anteriores a 2.26 contiene un desbordamiento de búfer en pila cuando imprime los bytes incorrectos en objetos Intel Hex. Hanno Bock discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb t... • http://www.openwall.com/lists/oss-security/2015/07/31/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2014-8738 – binutils: out of bounds memory write
https://notcve.org/view.php?id=CVE-2014-8738
14 Jan 2015 — The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. La función _bfd_slurp_extended_name_table en bfd/archive.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura inválida, fallo de segmentación y caída) a través de una tabla extendida de nombres manipulada en un ar... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2014-8484 – binutils: invalid read flaw in libbfd
https://notcve.org/view.php?id=CVE-2014-8484
09 Dec 2014 — The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. La función srec_scan en bfd/srec.c en libdbfd en GNU binutils anterior a 2.25 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de un S-record pequeño. An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings uti... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-839: Numeric Range Comparison Without Minimum Check •

CVE-2014-8485 – binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()
https://notcve.org/view.php?id=CVE-2014-8485
09 Dec 2014 — The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. La función setup_group en bfd/elf.c en libbfd en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cabeceras de grupo de sección manipuladas en un fichero ELF. A buffer overflow f... • http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-822: Untrusted Pointer Dereference •

CVE-2014-8501 – binutils: out-of-bounds write when parsing specially crafted PE executable
https://notcve.org/view.php?id=CVE-2014-8501
09 Dec 2014 — The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. La función _bfd_XXi_swap_aouthdr_in en bfd/peXXigen.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) y posiblemente tener otro impacto no especificado... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •