A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
Max CVSS
7.5
EPSS Score
0.05%
Published
2024-03-18
Updated
2024-03-18
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
Max CVSS
8.8
EPSS Score
0.17%
Published
2022-09-02
Updated
2022-09-29
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
Max CVSS
8.1
EPSS Score
0.19%
Published
2022-06-23
Updated
2022-06-29
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
Max CVSS
7.8
EPSS Score
0.10%
Published
2022-06-02
Updated
2022-06-10
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-04-16
Updated
2023-04-26
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-04-16
Updated
2023-04-26
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
Max CVSS
6.5
EPSS Score
0.25%
Published
2019-07-24
Updated
2019-08-05
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
Max CVSS
6.5
EPSS Score
0.09%
Published
2017-06-28
Updated
2022-03-01
An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.
Max CVSS
9.8
EPSS Score
0.22%
Published
2017-05-18
Updated
2022-03-01
An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.
Max CVSS
9.8
EPSS Score
0.22%
Published
2017-05-18
Updated
2022-03-01
An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).
Max CVSS
9.1
EPSS Score
0.22%
Published
2017-05-18
Updated
2022-03-01
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().
Max CVSS
9.8
EPSS Score
0.23%
Published
2017-05-18
Updated
2019-10-18
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
Max CVSS
9.8
EPSS Score
1.28%
Published
2017-02-28
Updated
2022-03-01
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
Max CVSS
9.1
EPSS Score
0.47%
Published
2016-11-29
Updated
2016-12-22
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
Max CVSS
7.5
EPSS Score
0.59%
Published
2017-03-23
Updated
2022-03-01
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
Max CVSS
7.5
EPSS Score
0.65%
Published
2017-03-23
Updated
2022-03-01
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
Max CVSS
5.5
EPSS Score
0.14%
Published
2017-02-15
Updated
2020-06-11
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
Max CVSS
6.5
EPSS Score
0.25%
Published
2017-02-15
Updated
2022-03-01
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
Max CVSS
6.5
EPSS Score
0.12%
Published
2017-02-15
Updated
2022-03-01
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.
Max CVSS
5.5
EPSS Score
0.13%
Published
2017-02-17
Updated
2022-03-01
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
Max CVSS
6.5
EPSS Score
0.12%
Published
2017-02-17
Updated
2022-03-01
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-01-23
Updated
2022-04-11
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
Max CVSS
7.5
EPSS Score
0.20%
Published
2017-02-17
Updated
2022-03-01
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.
Max CVSS
7.5
EPSS Score
0.14%
Published
2017-02-17
Updated
2022-03-01
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-02-17
Updated
2022-03-01
45 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!