
CVE-2025-5245 – GNU Binutils objdump debug.c debug_type_samep memory corruption
https://notcve.org/view.php?id=CVE-2025-5245
27 May 2025 — A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-5244 – GNU Binutils ld elflink.c elf_gc_sweep memory corruption
https://notcve.org/view.php?id=CVE-2025-5244
27 May 2025 — A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. • https://sourceware.org/bugzilla/attachment.cgi?id=16010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-0840 – GNU Binutils objdump.c disassemble_bytes stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0840
29 Jan 2025 — A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVE-2021-46174 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2021-46174
22 Aug 2023 — Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. Desbordamiento de búfer basado en el montículo en la función bfd_getl32 de Binutils objdump 3.37. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. • https://sourceware.org/bugzilla/show_bug.cgi?id=28753 • CWE-787: Out-of-bounds Write •

CVE-2020-19724 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2020-19724
22 Aug 2023 — A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. Un problema de consumo de memoria en la función get_data en binutils/nm.c en GNU nm antes de la versión 2.34 permite a los atacantes causar una denegación de servicio a través de un comando manipulado. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was... • https://sourceware.org/bugzilla/show_bug.cgi?id=25362 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2020-19726 – Ubuntu Security Notice USN-6544-1
https://notcve.org/view.php?id=CVE-2020-19726
22 Aug 2023 — An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. Se ha descubierto un problema en binutils libbfd.c 2.36 relacionado con los datos de símbolos auxiliares que permite a los atacantes leer o escribir en la memoria del sistema o provocar una denegación de servicio. It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a ... • https://sourceware.org/bugzilla/show_bug.cgi?id=26240 • CWE-400: Uncontrolled Resource Consumption •

CVE-2020-21490
https://notcve.org/view.php?id=CVE-2020-21490
22 Aug 2023 — An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. • https://security.netapp.com/advisory/ntap-20230929-0007 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2020-35342 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2020-35342
22 Aug 2023 — GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. It was discovered that a memory leak existed in certain GNU binutils modules. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to ... • https://security.netapp.com/advisory/ntap-20231006-0009 • CWE-665: Improper Initialization •

CVE-2022-35205 – Ubuntu Security Notice USN-6544-1
https://notcve.org/view.php?id=CVE-2022-35205
22 Aug 2023 — An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Se ha descubierto un problema en readelf de Binutils 2.38.50, el fallo de aserción alcanzable en la función display_debug_names permite a los atacantes provocar una denegación de servicio. It was discovered that GNU binutils was not properly performing checks when dealing with memory allocation operations, which could lead to excessive memory consump... • https://security.netapp.com/advisory/ntap-20231006-0010 • CWE-617: Reachable Assertion •

CVE-2022-35206
https://notcve.org/view.php?id=CVE-2022-35206
22 Aug 2023 — Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. Vulnerabilidad de eliminación de referencia del puntero NULL en readelf de Binutils 2.38.50 a través de la función read_and_display_attr_value en el archivo dwarf.c. • https://sourceware.org/bugzilla/show_bug.cgi?id=29290 • CWE-476: NULL Pointer Dereference •