CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27545
https://notcve.org/view.php?id=CVE-2020-27545
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. • http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf https://bugzilla.redhat.com/show_bug.cgi?id=2025694 https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea https://sourceforge.net/projects/libdwarf https://www.prevanders.net/dwarfbug.html#DW202010-001 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28163
https://notcve.org/view.php?id=CVE-2020-28163
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname. • http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf https://bugzilla.redhat.com/show_bug.cgi?id=2026000 https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3 https://www.prevanders.net/dwarfbug.html#DW202010-003 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39170
https://notcve.org/view.php?id=CVE-2022-39170
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. libdwarf versión 0.4.1, presenta una doble liberación en la función _dwarf_exec_frame_instr en el archivo dwarf_frame.c • https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8 https://github.com/davea42/libdwarf-code/issues/132 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14249
https://notcve.org/view.php?id=CVE-2019-14249
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump. En el archivo dwarf_elf_load_headers.c en libdwarf antes del 05-07-2019 permite a los atacantes causar una denegación de servicio (división por cero) por medio de un archivo ELF con un grupo de sección de tamaño cero (SHT_GROUP), como es demostrado por dwarfdump. • http://www.securityfocus.com/bid/109380 https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599 https://sourceforge.net/p/libdwarf/code/merge-requests/4 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-8681
https://notcve.org/view.php?id=CVE-2016-8681
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. La función _dwarf_get_abbrev_for_code en dwarf_util.c en libdwarf 20161001 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) llamando al comando dwarfdump en un archivo manipulado. • http://www.openwall.com/lists/oss-security/2016/10/16/5 http://www.securityfocus.com/bid/93592 https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2 https://bugzilla.redhat.com/show_bug.cgi?id=1385690 • CWE-125: Out-of-bounds Read •