Lief Project

lief-project

11 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-15504 1Lief Project 1Lief Apr 29, 2026 Jan 10, 2026 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation resul...Show more A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.Show less
CVE-2024-31636 1Lief Project 1Lief Aug 21, 2025 May 3, 2024 N/A· v4 3.9 LOW· v3 N/A· v2 An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
CVE-2022-43171 1Lief Project 1Lief Apr 29, 2025 Nov 17, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
CVE-2022-40922 1Lief Project 1Lief Nov 21, 2024 Oct 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
CVE-2022-40923 1Lief Project 1Lief May 20, 2025 Sep 30, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
CVE-2022-38497 1Lief Project 1Lief Nov 21, 2024 Sep 13, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.
CVE-2022-38496 1Lief Project 1Lief Nov 21, 2024 Sep 13, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.
CVE-2022-38495 1Lief Project 1Lief Nov 21, 2024 Sep 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.
CVE-2022-38307 1Lief Project 1Lief Nov 21, 2024 Sep 13, 2022 N/A· v4 5.5 MEDIUM· v3 N/A· v2 LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
CVE-2022-38306 1Lief Project 1Lief Nov 21, 2024 Sep 13, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.
CVE-2021-32297 1Lief Project 1Lief Nov 21, 2024 Sep 20, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.