lief@0.10.0 vulnerabilities

Library to instrument executable formats

  • latest version

    0.16.0

  • latest non-vulnerable version

  • first published

    7 years ago

  • latest version published

    5 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the lief package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Denial of Service (DoS)

    lief (LIEF) is a library to instrument executable formats.

    Affected versions of this package are vulnerable to Denial of Service (DoS). A malicious Mach-O file can cause the LIEF::MachO::Parser::parse() function to crash with a segmentation fault.

    How to fix Denial of Service (DoS)?

    Upgrade lief to version 0.12.3 or higher.

    [,0.12.3)
    • H
    Heap-based Buffer Overflow

    lief (LIEF) is a library to instrument executable formats.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function, which allows attackers to cause a Denial of Service (DoS) via a crafted Mach-O file.

    How to fix Heap-based Buffer Overflow?

    Upgrade lief to version 0.12.3 or higher.

    [,0.12.3)
    • M
    Denial of Service (DoS)

    lief (LIEF) is a library to instrument executable formats.

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the LIEF::MachO::BinaryParser::init_and_parse function, which allows attackers to trigger a segmentation fault via a crafted Mach-O file.

    How to fix Denial of Service (DoS)?

    Upgrade lief to version 0.12.3 or higher.

    [0,0.12.3)
    • H
    Denial of Service (DoS)

    lief (LIEF) is a library to instrument executable formats.

    Affected versions of this package are vulnerable to Denial of Service (DoS) via the LIEF::MachO::SegmentCommand::virtual_address function, due to a segmentation fault caused by a crafted Mach-O file.

    How to fix Denial of Service (DoS)?

    Upgrade lief to version 0.12.3 or higher.

    [,0.12.3)
    • H
    Heap-based Buffer Overflow

    lief (LIEF) is a library to instrument executable formats.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the main function in pe_reader.c, which allows an attacker to cause code execution.

    How to fix Heap-based Buffer Overflow?

    Upgrade lief to version 0.11.0 or higher.

    [,0.11.0)