CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-7569 – binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library
https://notcve.org/view.php?id=CVE-2018-7569
28 Feb 2018 — dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. dwarf2.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (desbordamiento o subdesbordamiento ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7570 – Gentoo Linux Security Advisory 201811-17
https://notcve.org/view.php?id=CVE-2018-7570
28 Feb 2018 — The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. La función assign_file_positions_for_non_load_sections en elf.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se d... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-18201 – libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c
https://notcve.org/view.php?id=CVE-2017-18201
26 Feb 2018 — An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. Se ha descubierto un problema en versiones anteriores a la 2.0.0 de GNU libcdio. Hay una doble liberación (double free) en get_cdtext_generic() en lib/driver/_cdio_generic.c. A double-free flaw was found in the way libcdio handled processing of ISO files. • http://www.securityfocus.com/bid/103190 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18199 – libcdio: NULL pointer dereference in realloc_symlink in rock.c
https://notcve.org/view.php?id=CVE-2017-18199
24 Feb 2018 — realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. realloc_symlink en rock.c en GNU libcdio, en versiones anteriores a la 1.0.0, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante un archivo iso manipulado. A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to ... • http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18198 – libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
https://notcve.org/view.php?id=CVE-2017-18198
24 Feb 2018 — print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. print_iso9660_recurse en iso-info.c en GNU libcdio, en versiones anteriores a la 1.0.0, permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) o, probablemente, provocar cualquier otro tipo de problema mediante un archivo iso mod... • http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-7208 – binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file
https://notcve.org/view.php?id=CVE-2018-7208
18 Feb 2018 — In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. En la función coff_pointerize_aux en coffgen.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GN... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-6951 – Gentoo Linux Security Advisory 201904-17
https://notcve.org/view.php?id=CVE-2018-6951
13 Feb 2018 — An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. Se ha descubierto un problema hasta la versión 2.7.6 de GNU patch. Hay un fallo de segmentación, asociado con una desreferencia de puntero NULL, que conduce a una denegación de servicio (DoS) en la función intuit_diff_type en pch.c. Esto también se conoce como problema "mangled re... • http://www.securityfocus.com/bid/103044 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10713 – patch: Out-of-bounds access in pch_write_line function in pch.c
https://notcve.org/view.php?id=CVE-2016-10713
13 Feb 2018 — An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. Se ha descubierto un problema en versiones anteriores a la 2.7.6 de GNU patch. El acceso fuera de límites en pch_write_line() en pch.c puede conducir a DoS mediante un archivo de entradas manipulado. A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. • http://www.securityfocus.com/bid/103063 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-6952 – patch: Double free of memory in pch.c:another_hunk() causes a crash
https://notcve.org/view.php?id=CVE-2018-6952
13 Feb 2018 — A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Existe una doble liberación (double free) en la función another_hunk en pch.c en GNU patch hasta la versión 2.7.6. A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches. The patch program applies diff files to originals. • http://www.securityfocus.com/bid/103047 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6872 – Gentoo Linux Security Advisory 201811-17
https://notcve.org/view.php?id=CVE-2018-6872
09 Feb 2018 — The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. La función elf_parse_notes en elf.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límite... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html • CWE-125: Out-of-bounds Read •