libdwarf

The _dwarf_get_abbrev_for_code bug in libdwarf — tracked as CVE‑2016‑8681 — is a kernel‑level style memory‑safety defect in DWARF parsing that can be triggered by the widely used dwarfdump utility to crash processes that inspect debug sections in crafted binaries, and it remains a useful case...

A subtle corruption in a DWARF5 line-table header can still bring a debugging toolchain to its knees: CVE-2020-28163 is a null-pointer dereference in libdwarf’s dwarf_print_lines.c that allows a crafted DWARF5 line-table header with an invalid FORM for a pathname to crash applications that...

libdwarf — the small, unassuming library that reads DWARF debug data — contains a parsing defect tracked as CVE‑2020‑27545 that, in releases prior to 20201017, can be induced by a crafted object to perform a one‑byte out‑of‑bounds read via an invalid pointer dereference in a malformed line...

The libdwarf library contained a small but consequential flaw in dwarf_elf_load_headers.c that, before the upstream fix on July 5, 2019, allowed a crafted ELF file to trigger a division‑by‑zero and crash consumers of DWARF debug data — a vulnerability tracked as CVE‑2019‑14249 and demonstrably...

A double-free flaw in the libdwarf DWARF-processing library — tracked as CVE-2024-2002 — can cause applications that consume malformed DWARF debug data to crash unpredictably, enabling sustained or repeated denial-of-service conditions; the defect was reported in early 2024 and has been...