Aggregates CVE and security vulnerability intelligence across all elfutils_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk input validation, and vendor risk path handling and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-16062 | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | [email protected] | 5.5 | 0.09% | 2018-08-29 | 2024-11-21 |
| CVE-2018-8769 | elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. | [email protected] | 7.8 | 0.17% | 2018-03-18 | 2024-11-21 |
| CVE-2017-7613 | elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | [email protected] | 5.5 | 0.61% | 2017-04-09 | 2026-05-13 |
| CVE-2017-7612 | The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | [email protected] | 5.5 | 0.51% | 2017-04-09 | 2026-05-13 |
| CVE-2017-7611 | The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | [email protected] | 5.5 | 0.30% | 2017-04-09 | 2026-05-13 |
| CVE-2017-7610 | The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | [email protected] | 5.5 | 0.51% | 2017-04-09 | 2026-05-13 |
| CVE-2017-7609 | elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | [email protected] | 5.5 | 0.22% | 2017-04-09 | 2026-05-13 |
| CVE-2017-7608 | The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | [email protected] | 5.5 | 0.24% | 2017-04-09 | 2026-05-13 |
| CVE-2017-7607 | The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | [email protected] | 5.5 | 0.34% | 2017-04-09 | 2026-05-13 |
| CVE-2016-10255 | The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. | [email protected] | 5.5 | 0.51% | 2017-03-23 | 2026-05-13 |
| CVE-2016-10254 | The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. | [email protected] | 5.5 | 0.60% | 2017-03-23 | 2026-05-13 |
| CVE-2014-9447 | Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. | [email protected] | 6.4 | 3.52% | 2015-01-02 | 2026-05-06 |
| CVE-2014-0172 | Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. | [email protected] | 6.8 | 1.83% | 2014-04-11 | 2026-05-06 |