Libdwarf

libdwarf

CVEs (45)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-2002 3Fedoraproject Libdwarf ProjectRedhat 3Enterprise Linux FedoraLibdwarf Apr 9, 2025 Mar 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
CVE-2020-28163 1Libdwarf Project 1Libdwarf Feb 6, 2025 Apr 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
CVE-2020-27545 1Libdwarf Project 1Libdwarf Feb 6, 2025 Apr 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
CVE-2022-39170 2Fedoraproject Libdwarf Project 2Fedora Libdwarf Nov 21, 2024 Sep 2, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
CVE-2022-34299 1Libdwarf Project 1Libdwarf Nov 21, 2024 Jun 23, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
CVE-2022-32200 1Libdwarf Project 1Libdwarf Nov 21, 2024 Jun 2, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
CVE-2019-14249 1Libdwarf Project 1Libdwarf Nov 21, 2024 Jul 24, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVE-2014-9482 1Libdwarf Project 1Libdwarf Nov 21, 2024 Jan 16, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.
CVE-2017-9998 1Libdwarf Project 1Libdwarf May 13, 2026 Jun 28, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2015-8538 1Libdwarf Project 1Libdwarf May 13, 2026 Jun 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
CVE-2017-9055 1Libdwarf Project 1Libdwarf May 13, 2026 May 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.
CVE-2017-9054 1Libdwarf Project 1Libdwarf May 13, 2026 May 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer...Show more An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.Show less
CVE-2017-9053 1Libdwarf Project 1Libdwarf May 13, 2026 May 18, 2017 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this...Show more An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).Show less
CVE-2017-9052 1Libdwarf Project 1Libdwarf May 13, 2026 May 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function...Show more An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().Show less
CVE-2016-5041 1Libdwarf Project 1Libdwarf May 13, 2026 Apr 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
CVE-2016-9276 1Libdwarf Project 1Libdwarf May 13, 2026 Mar 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
CVE-2016-9275 1Libdwarf Project 1Libdwarf May 13, 2026 Mar 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
CVE-2016-9558 1Libdwarf Project 1Libdwarf May 13, 2026 Feb 28, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
CVE-2016-5027 1Libdwarf Project 1Libdwarf May 13, 2026 Feb 24, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.
CVE-2016-7511 1Libdwarf Project 1Libdwarf May 13, 2026 Feb 17, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.

12 3 Next