Aggregates CVE and security vulnerability intelligence across all libdwarf_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk memory corruption, and vendor risk input validation and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-2002 | A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. | [email protected] | 7.5 | 0.11% | 2024-03-18 | 2025-04-09 |
| CVE-2020-28163 | libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname. | [email protected] | 6.5 | 0.48% | 2023-04-16 | 2025-02-06 |
| CVE-2020-27545 | libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object. | [email protected] | 6.5 | 0.06% | 2023-04-16 | 2025-02-06 |
| CVE-2022-39170 | libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | [email protected] | 8.8 | 0.48% | 2022-09-02 | 2024-11-21 |
| CVE-2022-34299 | There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. | [email protected] | 8.1 | 0.29% | 2022-06-23 | 2024-11-21 |
| CVE-2022-32200 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | [email protected] | 7.8 | 0.30% | 2022-06-02 | 2024-11-21 |
| CVE-2019-14249 | dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump. | [email protected] | 6.5 | 0.57% | 2019-07-24 | 2024-11-21 |
| CVE-2014-9482 | Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file. | [email protected] | 6.5 | 0.50% | 2018-01-16 | 2024-11-21 |
| CVE-2017-9998 | The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | [email protected] | 6.5 | 0.35% | 2017-06-28 | 2026-05-13 |
| CVE-2015-8538 | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | [email protected] | 6.5 | 0.24% | 2017-06-07 | 2026-05-13 |
| CVE-2017-9055 | An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | [email protected] | 9.8 | 0.40% | 2017-05-18 | 2026-05-13 |
| CVE-2017-9054 | An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. | [email protected] | 9.8 | 0.40% | 2017-05-18 | 2026-05-13 |
| CVE-2017-9053 | An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function). | [email protected] | 9.1 | 0.43% | 2017-05-18 | 2026-05-13 |
| CVE-2017-9052 | An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list(). | [email protected] | 9.8 | 0.92% | 2017-05-18 | 2026-05-13 |
| CVE-2016-5041 | dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name. | [email protected] | 7.5 | 0.71% | 2017-04-10 | 2026-05-13 |
| CVE-2016-9276 | The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | [email protected] | 7.5 | 1.19% | 2017-03-23 | 2026-05-13 |
| CVE-2016-9275 | Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | [email protected] | 7.5 | 1.29% | 2017-03-23 | 2026-05-13 |
| CVE-2016-9558 | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." | [email protected] | 9.8 | 2.68% | 2017-02-28 | 2026-05-13 |
| CVE-2016-5027 | dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file. | [email protected] | 5.5 | 0.20% | 2017-02-24 | 2026-05-13 |
| CVE-2016-7511 | Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. | [email protected] | 5.5 | 0.38% | 2017-02-17 | 2026-05-13 |