gnu binutils CVE Vulnerabilities (276)

CVEs: 276 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting gnu binutils (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 81100 of 276 CVEs
«« First « Prev Page 5 / 14 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2021-45078 stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. [email protected] 7.8 1.31% 2021-12-15 2026-06-17
CVE-2021-37322 GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. [email protected] 7.8 0.85% 2021-11-18 2026-06-17
CVE-2021-3530 A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. [email protected] 7.5 2.40% 2021-06-02 2026-06-17
CVE-2021-3549 An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. [email protected] 7.1 0.97% 2021-05-26 2026-06-17
CVE-2021-20294 A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. [email protected] 7.8 3.41% 2021-04-29 2026-06-16
CVE-2021-20284 A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. [email protected] 5.5 1.29% 2021-03-26 2026-06-16
CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. [email protected] 6.3 0.31% 2021-03-26 2026-06-16
CVE-2020-35507 There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. [email protected] 5.5 1.23% 2021-01-04 2026-06-16
CVE-2020-35496 There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. [email protected] 5.5 1.14% 2021-01-04 2026-06-16
CVE-2020-35495 There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. [email protected] 5.5 1.16% 2021-01-04 2026-06-16
CVE-2020-35494 There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. [email protected] 6.1 1.07% 2021-01-04 2026-06-16
CVE-2020-35493 A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. [email protected] 5.5 1.13% 2021-01-04 2026-06-16
CVE-2020-35448 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. [email protected] 3.3 1.28% 2020-12-26 2026-06-16
CVE-2020-16599 A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. [email protected] 5.5 1.04% 2020-12-09 2026-06-16
CVE-2020-16593 A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. [email protected] 5.5 1.18% 2020-12-09 2026-06-16
CVE-2020-16592 A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. [email protected] 5.5 1.05% 2020-12-09 2026-06-16
CVE-2020-16591 A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. [email protected] 5.5 0.88% 2020-12-09 2026-06-16
CVE-2020-16590 A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. [email protected] 5.5 0.94% 2020-12-09 2026-06-16
CVE-2019-17451 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. [email protected] 6.5 2.40% 2019-10-10 2026-06-16
CVE-2019-17450 find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. [email protected] 6.5 2.75% 2019-10-10 2026-06-16
«« First « Prev Page 5 / 14 Next »
cvelogic Threat Intelligence