FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GNU binutils -- multiple vulnerabilities

Affected packages
cross-binutils < 2.25
x86_64-pc-mingw32-binutils < 2.25
m6811-binutils < 2.25

Details

VuXML ID f6a014cd-d268-11e4-8339-001e679db764
Discovery 2014-12-09
Entry 2015-03-24
Modified 2016-01-08

US-CERT/NIST reports:

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

US-CERT/NIST reports:

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

US-CERT/NIST reports:

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
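
Added example, not taken from this entry or from the binutils source: a defensive C reader for the NumberOfRvaAndSizes case in the first report. It rejects a count larger than the 16 data-directory slots the PE format defines, and a header too short to hold them, before filling a fixed table. The names pe_read_dirs and pe_demo, the return codes and the zeroed sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PE_MAX_DIRS 16u   /* IMAGE_NUMBEROF_DIRECTORY_ENTRIES in the PE format */
struct pe_dir { uint32_t rva, size; };

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper. Returns entries copied (0..16), -1 if the header is
 * truncated or has an unknown magic, -2 if the claimed count exceeds the table. */
int pe_read_dirs(const uint8_t *opt, size_t len, struct pe_dir out[PE_MAX_DIRS]) {
    size_t count_off;
    if (len < 2) return -1;
    uint16_t magic = (uint16_t)(opt[0] | opt[1] << 8);
    if (magic == 0x10b) count_off = 92;         /* PE32 */
    else if (magic == 0x20b) count_off = 108;   /* PE32+ */
    else return -1;
    if (len < count_off + 4) return -1;
    uint32_t n = rd32(opt + count_off);         /* NumberOfRvaAndSizes, untrusted */
    if (n > PE_MAX_DIRS) return -2;             /* never index past out[15] */
    if ((len - (count_off + 4)) / 8 < n) return -1;  /* entries must be present */
    memset(out, 0, sizeof(struct pe_dir) * PE_MAX_DIRS);
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = opt + count_off + 4 + (size_t)i * 8;
        out[i].rva = rd32(e);
        out[i].size = rd32(e + 4);
    }
    return (int)n;
}

/* Constructed sample: zeroed PE32 optional header of `len` bytes claiming `count` entries. */
int pe_demo(uint32_t count, size_t len) {
    uint8_t buf[256] = {0};
    struct pe_dir dirs[PE_MAX_DIRS];
    if (len > sizeof buf || len < 96) return -1;
    buf[0] = 0x0b; buf[1] = 0x01;               /* PE32 magic 0x10b */
    for (int i = 0; i < 4; i++) buf[92 + i] = (uint8_t)(count >> (8 * i));
    return pe_read_dirs(buf, len, dirs);
}

int main(void) {
    printf("%d %d %d\n", pe_demo(16, 224), pe_demo(17, 232), pe_demo(4, 100));
    return 0;
}
```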

References

CVE Name CVE-2014-8501
CVE Name CVE-2014-8502
CVE Name CVE-2014-8503
URL https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501
URL https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502
URL https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503