SB2014122318 - Fedora 21 update for mingw-binutils

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014122318

SB2014122318 - Fedora 21 update for mingw-binutils

Published: December 23, 2014 Updated: April 24, 2025

Security Bulletin ID SB2014122318
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2014-8501)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.


2) Heap-based buffer overflow (CVE-ID: CVE-2014-8502)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier. A remote attacker can use a truncated export table in a PE file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Stack-based buffer overflow (CVE-ID: CVE-2014-8503)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the ihex_scan function in bfd/ihex.c when processing a crafted ihex file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Stack-based buffer overflow (CVE-ID: CVE-2014-8504)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the srec_scan function in bfd/srec.c when processing a crafted file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References