davea42/libdwarf-code

GitHub

github.com

Releases109

Frequency1 month 2 weeks

Last Release 4 months ago

Stars255

Contains source for libdwarf, a library for reading DWARF2 and later DWARF. Contains source to create dwarfdump, a program which prints DWARF2 and later DWARF in readable format. Has a very limited DWARF writer set of functions in libdwarfp (producer library). Builds using GNU configure, meson, or cmake.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-31745 ↗	Apr 19, 2024Friday, 19 April 2024, 13:15	—	—
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2002. Reason: This candidate is a duplicate of CVE-2024-2002. Notes: All CVE users should reference CVE-2024-2002 instead of this candidate.
CVE-2024-2002 ↗	Mar 18, 2024Monday, 18 March 2024, 13:15	7.5 HIGH	—
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
CVE-2020-27545 ↗	Apr 16, 2023Sunday, 16 April 2023, 00:15	6.5 MEDIUM	—
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
CVE-2020-28163 ↗	Apr 16, 2023Sunday, 16 April 2023, 00:15	6.5 MEDIUM	—
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
CVE-2022-34299 ↗	Jun 23, 2022Thursday, 23 June 2022, 17:15	8.1 HIGH	5.8 MEDIUM
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
CVE-2022-32200 ↗	Jun 2, 2022Thursday, 2 June 2022, 14:16	7.8 HIGH	6.8 MEDIUM
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.