Published: 09/12/2014 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 10.04
gnu binutils
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19

Synopsis Moderate: binutils security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated binutils packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 7Red Hat Product Security has rated this ...

Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file ...

Multiple security issues have been found in binutils, a toolbox for binary file manipulation These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service For ...

A directory traversal flaw was found in the strip and objcopy utilities A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities A buffer overflow flaw was found in the way various binutils utilities processed certain files If a user were tricked into processing a ...

A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application ...

CWE-119 http://www.openwall.com/lists/oss-security/2014/10/27/5 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://www.openwall.com/lists/oss-security/2014/10/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=1162621 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html https://sourceware.org/bugzilla/show_bug.cgi?id=17510 http://www.openwall.com/lists/oss-security/2014/10/27/4 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.ubuntu.com/usn/USN-2496-1 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://www.securityfocus.com/bid/70761 https://security.gentoo.org/glsa/201612-24 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=708d7d0d11f0f2d776171979aa3479e8e12a38a0 https://access.redhat.com/errata/RHSA-2015:2079 https://usn.ubuntu.com/2496-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-8504

CVE-2014-8504

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect