CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9939 – Ubuntu Security Notice USN-3367-1
https://notcve.org/view.php?id=CVE-2014-9939
21 Mar 2017 — ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. ihex.c en GNU Binutils en versiones anteriores a 2.26 contiene un desbordamiento de búfer en pila cuando imprime los bytes incorrectos en objetos Intel Hex. Hanno Bock discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb t... • http://www.openwall.com/lists/oss-security/2015/07/31/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7210 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7210
21 Mar 2017 — objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. objdump en GNU Binutils 2.28 es vulnerable a múltiples sobre lectura de búfer basado en memoria dinámica (de tamaño 1 y tamaño 8) mientras se manejan cadenas de tipo enum STABS corruptas en un archivo de objeto manipulado,lo que provoca un bloqueo del programa. USN-4336-1 fixed several vulnerabilities in ... • http://www.securityfocus.com/bid/96992 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7209 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-7209
21 Mar 2017 — The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. La función dump_section_as_bytes en readelf en GNU Binutils 2.28 accede a un puntero NULL mientras lee el contenido de la sección en un binario corrupto, lo que provoca una caída del programa. USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that... • http://www.securityfocus.com/bid/96994 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6966 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-6966
17 Mar 2017 — readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. Se ha descubierto un problema en includes/component.php en el plugin BuddyPress Docs en versiones anteriores a 1.9.3 para WordPress. Es posible que los usuarios autenticados puedan editar documentos de otros usuarios sin los permisos adecuados. USN-4336-1... • https://security.gentoo.org/glsa/201709-02 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6969 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-6969
17 Mar 2017 — readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. readelf en GNU Binutils 2.28 es vulnerable a una sobre lectura de búfer basada en memoria dinámica mientras procesa binarios RL78 corruptos. La vulnerabilidad puede desencadenar caídas del programa. También puede conducir a una fuga de información. • http://www.securityfocus.com/bid/97065 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6965 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-6965
17 Mar 2017 — readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. Se ha descubierto un problema en by-email/by-email.php en el plugin Invite Anyone en versiones anteriores a 1.3.15 para WordPress. Un usuario es capaz de cambiar al sujeto y el cuerpo del correo de invitación que debe ser inmutable, lo que facilita un ataque de ingeniería social. USN-4336-1 fixed several vulnerabilities in GNU binuti... • https://security.gentoo.org/glsa/201709-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 8EXPL: 2CVE-2014-8738 – binutils: out of bounds memory write
https://notcve.org/view.php?id=CVE-2014-8738
14 Jan 2015 — The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive. La función _bfd_slurp_extended_name_table en bfd/archive.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura inválida, fallo de segmentación y caída) a través de una tabla extendida de nombres manipulada en un ar... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 1CVE-2014-8485 – binutils: lack of range checking leading to controlled write in _bfd_elf_setup_sections()
https://notcve.org/view.php?id=CVE-2014-8485
09 Dec 2014 — The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. La función setup_group en bfd/elf.c en libbfd en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de cabeceras de grupo de sección manipuladas en un fichero ELF. A buffer overflow f... • http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 1CVE-2014-8503 – binutils: stack overflow in objdump when parsing specially crafted ihex file
https://notcve.org/view.php?id=CVE-2014-8503
09 Dec 2014 — Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file. Desbordamiento de buffer basado en pila en la función ihex_scan en bfd/ihex.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente tener otro impacto no especificado a través de un fichero ihex manipulado. A stack-ba... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2014-8501 – binutils: out-of-bounds write when parsing specially crafted PE executable
https://notcve.org/view.php?id=CVE-2014-8501
09 Dec 2014 — The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable. La función _bfd_XXi_swap_aouthdr_in en bfd/peXXigen.c en GNU binutils 2.24 y anteriores permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango) y posiblemente tener otro impacto no especificado... • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •