CVE-2018-7570
https://notcve.org/view.php?id=CVE-2018-7570
The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
  http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
  https://security.gentoo.org/glsa/201811-17
  https://sourceware.org/bugzilla/show_bug.cgi?id=22881
  https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=01f7e10cf2dcf403462b2feed06c43135651556d
• CWE-476: NULL Pointer Dereference
CVE-2018-7568 – binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
https://notcve.org/view.php?id=CVE-2018-7568
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.
An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html
  http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html
  https://access.redhat.com/errata/RHBA-2019:0327
  https://access.redhat.com/errata/RHSA-2018:3032
  https://security.gentoo.org/glsa/201811-17
  https://sourceware.org/bugzilla/show_bug.cgi?id=22894
  https://access.redhat.com/security/cve/CVE-2018-7568
  https://bugzilla.redhat.com/show_bug.cgi?id=1551771
• CWE-190: Integer Overflow or Wraparound
CVE-2017-18201 – libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c
https://notcve.org/view.php?id=CVE-2017-18201
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
A double-free flaw was found in the way libcdio handled processing of ISO files.
• http://www.securityfocus.com/bid/103190
  https://access.redhat.com/errata/RHSA-2018:3246
  https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d
  https://access.redhat.com/security/cve/CVE-2017-18201
  https://bugzilla.redhat.com/show_bug.cgi?id=1549707
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-415: Double Free
CVE-2017-18198 – libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
https://notcve.org/view.php?id=CVE-2017-18198
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS.
• http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
  http://www.securityfocus.com/bid/103200
  https://access.redhat.com/errata/RHSA-2018:3246
  https://savannah.gnu.org/bugs/?52265
  https://access.redhat.com/security/cve/CVE-2017-18198
  https://bugzilla.redhat.com/show_bug.cgi?id=1549644
• CWE-125: Out-of-bounds Read
CVE-2017-18199 – libcdio: NULL pointer dereference in realloc_symlink in rock.c
https://notcve.org/view.php?id=CVE-2017-18199
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files.
• http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
  http://www.securityfocus.com/bid/103202
  https://access.redhat.com/errata/RHSA-2018:3246
  https://savannah.gnu.org/bugs/?52264
  https://access.redhat.com/security/cve/CVE-2017-18199
  https://bugzilla.redhat.com/show_bug.cgi?id=1549701
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-476: NULL Pointer Dereference