Libdwarf Project: >> Libdwarf Security Vulnerabilities
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-03-18
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-16
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-16
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-02
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-06-23
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-06-02
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-07-24
Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-01-16
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-06-28
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
CVSS Score
6.5
EPSS Score
0.004
Published
2017-06-07
Page 1