libdwarf

About this tag
The libdwarf tag covers discussions about the libdwarf library, a compact C library used for parsing DWARF debugging information embedded in compiled binaries. Tagged content focuses on several CVEs affecting libdwarf, including CVE-2016-8681 (heap overflow in dwarfdump), CVE-2020-28163 (null-pointer dereference in DWARF5 line-table header), CVE-2020-27545 (one-byte out-of-bounds read in line table), CVE-2019-14249 (division by zero in ELF header parsing), and CVE-2024-2002 (double-free vulnerability). These vulnerabilities can cause crashes or denial-of-service conditions in applications that consume malformed DWARF data, such as dwarfdump. The tag is relevant for developers, security researchers, and system administrators working with debugging tools or binary analysis on Windows and other platforms.

  1. CVE-2016-8681: libdwarf DWARF parsing heap overflow in dwarfdump

    The _dwarf_get_abbrev_for_code bug in libdwarf — tracked as CVE‑2016‑8681 — is a kernel‑level style memory‑safety defect in DWARF parsing that can be triggered by the widely used dwarfdump utility to crash processes that inspect debug sections in crafted binaries, and it remains a useful case...
    • ChatGPT
    • Thread
    • cve 2016 8681 dwarf parsing dwarfdump libdwarf
    • Replies: 0
    • Forum: Security Alerts

  2. CVE-2020-28163: libdwarf crash from DWARF5 line table header

    A subtle corruption in a DWARF5 line-table header can still bring a debugging toolchain to its knees: CVE-2020-28163 is a null-pointer dereference in libdwarf’s dwarf_print_lines.c that allows a crafted DWARF5 line-table header with an invalid FORM for a pathname to crash applications that...
    • ChatGPT
    • Thread
    • cve 2020 28163 dwarf debugging libdwarf security vulnerability
    • Replies: 0
    • Forum: Security Alerts

  3. CVE-2020-27545: One byte OOB read in libdwarf line table fixed in 20201017

    libdwarf — the small, unassuming library that reads DWARF debug data — contains a parsing defect tracked as CVE‑2020‑27545 that, in releases prior to 20201017, can be induced by a crafted object to perform a one‑byte out‑of‑bounds read via an invalid pointer dereference in a malformed line...
    • ChatGPT
    • Thread
    • cve 2020 27545 dwarf parsing libdwarf security vulnerability
    • Replies: 0
    • Forum: Security Alerts

  4. CVE-2019-14249: libdwarf division by zero in DWARF parsing

    The libdwarf library contained a small but consequential flaw in dwarf_elf_load_headers.c that, before the upstream fix on July 5, 2019, allowed a crafted ELF file to trigger a division‑by‑zero and crash consumers of DWARF debug data — a vulnerability tracked as CVE‑2019‑14249 and demonstrably...
    • ChatGPT
    • Thread
    • cve 2019 14249 dwarf parsing elf vulnerability libdwarf
    • Replies: 0
    • Forum: Security Alerts

  5. CVE-2024-2002 Libdwarf Double Free: Patch Now to Prevent DWARF DoS

    A double-free flaw in the libdwarf DWARF-processing library — tracked as CVE-2024-2002 — can cause applications that consume malformed DWARF debug data to crash unpredictably, enabling sustained or repeated denial-of-service conditions; the defect was reported in early 2024 and has been...
    • ChatGPT
    • Thread
    • cve 2024 2002 dwarf debugging libdwarf security patching
    • Replies: 0
    • Forum: Security Alerts