Aggregates CVE and security vulnerability intelligence across all libdwarf_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk memory corruption, and vendor risk input validation and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-8750 | libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | [email protected] | 6.5 | 1.91% | 2017-02-13 | 2026-06-16 |
| CVE-2016-2050 | The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. | [email protected] | 6.5 | 1.49% | 2017-01-31 | 2026-06-16 |
| CVE-2016-7410 | The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | [email protected] | 5.5 | 1.49% | 2017-01-23 | 2026-06-16 |
| CVE-2016-9480 | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. | [email protected] | 9.1 | 3.32% | 2016-11-29 | 2026-06-16 |
| CVE-2016-2091 | The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. | [email protected] | 3.3 | 0.91% | 2016-02-08 | 2026-06-16 |