Filtered by vendor Elfutils Project Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-33294 1 Elfutils Project 1 Elfutils 2024-10-28 5.5 Medium
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
CVE-2020-21047 1 Elfutils Project 1 Elfutils 2024-10-07 5.5 Medium
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
CVE-2014-9447 2 Elfutils Project, Redhat 2 Elfutils, Enterprise Linux 2024-08-06 N/A
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
CVE-2014-0172 2 Elfutils Project, Redhat 2 Elfutils, Enterprise Linux 2024-08-06 N/A
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
CVE-2016-10255 1 Elfutils Project 1 Elfutils 2024-08-06 N/A
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
CVE-2016-10254 1 Elfutils Project 1 Elfutils 2024-08-06 N/A
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
CVE-2017-7612 3 Canonical, Debian, Elfutils Project 3 Ubuntu Linux, Debian Linux, Elfutils 2024-08-05 N/A
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7610 3 Canonical, Debian, Elfutils Project 3 Ubuntu Linux, Debian Linux, Elfutils 2024-08-05 N/A
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7611 3 Canonical, Debian, Elfutils Project 3 Ubuntu Linux, Debian Linux, Elfutils 2024-08-05 N/A
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7609 1 Elfutils Project 1 Elfutils 2024-08-05 N/A
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVE-2017-7608 3 Canonical, Debian, Elfutils Project 3 Ubuntu Linux, Debian Linux, Elfutils 2024-08-05 N/A
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7613 3 Canonical, Debian, Elfutils Project 3 Ubuntu Linux, Debian Linux, Elfutils 2024-08-05 N/A
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVE-2017-7607 1 Elfutils Project 1 Elfutils 2024-08-05 N/A
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2018-18521 5 Canonical, Debian, Elfutils Project and 2 more 9 Ubuntu Linux, Debian Linux, Elfutils and 6 more 2024-08-05 5.5 Medium
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
CVE-2018-18520 5 Canonical, Debian, Elfutils Project and 2 more 9 Ubuntu Linux, Debian Linux, Elfutils and 6 more 2024-08-05 6.5 Medium
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
CVE-2018-18310 5 Canonical, Debian, Elfutils Project and 2 more 9 Ubuntu Linux, Debian Linux, Elfutils and 6 more 2024-08-05 5.5 Medium
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
CVE-2018-16403 2 Elfutils Project, Redhat 3 Elfutils, Ansible Tower, Enterprise Linux 2024-08-05 N/A
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
CVE-2018-16402 5 Canonical, Debian, Elfutils Project and 2 more 10 Ubuntu Linux, Debian Linux, Elfutils and 7 more 2024-08-05 9.8 Critical
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVE-2018-16062 5 Canonical, Debian, Elfutils Project and 2 more 9 Ubuntu Linux, Debian Linux, Elfutils and 6 more 2024-08-05 5.5 Medium
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2018-8769 1 Elfutils Project 1 Elfutils 2024-08-05 N/A
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.