These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-9558 is a critical integer-overflow flaw in libdwarf’s signed LEB handling. According to NVD, a crafted bit pattern in a signed LEB number can trigger a "negation overflow" in libdwarf/dwarf_leb.c and dwarfdump/print_frames.c, with versions before 2016-11-24 considered vulnerable. NVD scores the issue 9.8 (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), so teams that parse untrusted DWARF data sh [truncated]
CVE-2016-5027 is a denial-of-service vulnerability in libdwarf 20160115. When libdwarf processes a crafted ELF file, a flaw in dwarf_form.c can trigger a crash. NVD rates the issue Medium severity and lists its impact as availability-only.
CVE-2016-7511 affects libdwarf 20160613 and involves an integer overflow in dwarf_die_deliv.c. According to NVD, a crafted file can trigger a denial of service by causing a crash. The issue is rated medium severity and is most relevant anywhere libdwarf is used to parse untrusted input.
CVE-2016-7510 affects libdwarf’s read_line_table_program function and can let a remote attacker trigger an out-of-bounds read when crafted input is parsed. The practical impact is denial of service, with the NVD rating this as medium severity (CVSS 6.5) and listing availability as the primary concern.
CVE-2016-5044 affects libdwarf's WRITE_UNALIGNED function in dwarf_elf_access.c and can cause a denial of service via an out-of-bounds write and crash when processing a crafted DWARF section. NVD maps the issue to CWE-787 and rates it HIGH, with a network attack vector and no authentication required. The affected version range in the NVD record ends before 2016-09-23.
CVE-2016-5043 is a denial-of-service vulnerability in libdwarf’s dwarf_dealloc function. According to NVD, libdwarf versions before 20160923 are affected, and crafted DWARF input can trigger an out-of-bounds read that leads to a crash. The official NVD record was published on 2017-02-17 and later modified on 2026-05-13; the supplied references show vendor/third-party advisory activity in May 2016.
CVE-2016-5042 is a denial-of-service issue in libdwarf before 20160923. A crafted DWARF section can cause dwarf_get_aranges_list to loop indefinitely and crash, which makes the flaw relevant anywhere untrusted DWARF data is parsed. The NVD record rates it HIGH (CVSS 7.5) with a network attack vector and no privileges or user interaction required.
CVE-2016-5040 is a denial-of-service issue in libdwarf where a malformed compilation unit header with a large length value can trigger an out-of-bounds read and crash. The NVD record rates the issue High with CVSS 7.5 and identifies affected libdwarf versions before 2016-09-23.
CVE-2016-5039 is a high-severity out-of-bounds read in libdwarf’s get_attr_value path. When libdwarf processes a crafted object with all bits set, the flaw can trigger a denial of service. NVD lists affected libdwarf versions as ending before 2016-09-23, and the public references show the patch/advisory discussion was already public in May 2016, before the CVE record was published in February 2017.
CVE-2016-5038 is a memory-safety issue in libdwarf where crafted DWARF data can trigger an out-of-bounds read in dwarf_get_macro_startend_file (dwarf_macro5.c). NVD classifies the impact as denial of service and maps the weakness to CWE-125. The vulnerable range in NVD ends before libdwarf 2016-09-23, so upgrading to that release or later is the primary remediation.
CVE-2016-5037 is a denial-of-service vulnerability in libdwarf’s _dwarf_load_section function. According to NVD, a crafted file can trigger a NULL pointer dereference in affected versions before 20160923. The published CVSS 3.1 vector indicates remote attack conditions, no privileges required, but user interaction is needed to open or process the malicious file. The primary impact is availability loss rat [truncated]
CVE-2016-5036 is a high-severity libdwarf vulnerability in the dump_block function in print_sections.c. When libdwarf processes crafted frame data, the bug can trigger an out-of-bounds read and crash the program, resulting in denial of service. NVD rates the issue CVSS 3.1 7.5 (HIGH), with no privileges or user interaction required and availability impact only. The vulnerable version range in NVD ends bef [truncated]
CVE-2016-5035 affects libdwarf’s _dwarf_read_line_table_header function in dwarf_line_table_reader.c. A crafted file can trigger an out-of-bounds read and deny service to applications that parse the file, with NVD rating the issue as medium severity (CVSS 6.5).
CVE-2016-5034 is a denial-of-service vulnerability in libdwarf’s dwarf_elf_access.c. According to NVD and the CVE description, crafted input files can trigger an out-of-bounds write while processing relocation records. NVD maps the issue to CWE-787 and rates the impact as availability-only with network-reachable conditions requiring user interaction to open or process the file. The vulnerable version rang [truncated]
CVE-2016-5033 describes an out-of-bounds read in libdwarf’s print_exprloc_content function. According to NVD, a crafted file can trigger the issue in libdwarf versions before 2016-09-23, leading to a denial of service. The official severity is CVSS 6.5 (MEDIUM), with network reachability but user interaction required to process the malicious file.
CVE-2016-5032 is a denial-of-service issue in libdwarf’s dwarf_get_xu_hash_entry function. A crafted file can trigger a crash in vulnerable versions before 20160923, affecting systems that process untrusted DWARF-containing content.
CVE-2016-5031 is a denial-of-service issue in libdwarf’s print_frame_inst_bytes function. A crafted file can trigger an out-of-bounds read in affected versions of libdwarf before 2016-09-23, so any workflow that parses untrusted DWARF data should treat this as a reliability risk.
CVE-2016-5030 is a denial-of-service issue in libdwarf. When libdwarf processes a crafted file, the _dwarf_calculate_info_section_end_ptr function can hit a NULL pointer dereference and crash the application. The vulnerability is documented by NVD as affecting libdwarf versions before 2016-09-23.
CVE-2016-5029 describes a denial-of-service flaw in libdwarf before 20160923. A crafted DWARF file can trigger a NULL pointer dereference in create_fullest_file_path, allowing remote attackers to crash affected software. NVD classifies the issue as CVSS 6.5 with availability impact only.
CVE-2016-5028 is a denial-of-service vulnerability in libdwarf before 20160923. According to the NVD record, the issue is a NULL pointer dereference in print_frame_inst_bytes that can be triggered by an object file with empty bss-like sections. The impact is availability-only, with CVSS 3.1 scoring showing Network attack vector, low attack complexity, no privileges required, user interaction required, and [truncated]
CVE-2016-8681 is a denial-of-service issue in libdwarf 20161001 and earlier. Per the NVD record, a crafted file processed by dwarfdump can trigger an out-of-bounds read (CWE-125), with the CVSS vector indicating the realistic attack path is user-assisted handling of attacker-controlled input.
CVE-2016-8680 is a denial-of-service vulnerability in libdwarf's dwarfdump tooling. A crafted file can trigger an out-of-bounds read in _dwarf_get_abbrev_for_code within dwarf_util.c, affecting libdwarf 20161001 and earlier. The official NVD record rates the issue as medium severity and notes that successful triggering requires user interaction with a malicious file.
CVE-2016-8679 affects libdwarf before 20161124. A crafted file processed by the dwarfdump command can trigger an out-of-bounds read in _dwarf_get_size_of_val, leading to denial of service. The issue was published by CVE on 2017-02-15, with NVD later updating the record on 2026-05-13.
CVE-2015-8750 is a denial-of-service vulnerability in libdwarf 20151114 and earlier. According to NVD, a remote attacker can trigger a NULL pointer dereference and crash by supplying an ELF file whose debug_abbrev section is marked NOBITS. The issue is classified as CWE-476 and has a CVSS v3.1 score of 6.5 (Medium), reflecting network attack conditions but requiring user interaction to process the malicious file.
CVE-2016-2050 is a denial-of-service vulnerability in libdwarf-20151114. According to NVD, a crafted ELF file can trigger an out-of-bounds write in get_abbrev_array_info, which can crash or otherwise disrupt applications that parse attacker-controlled ELF content.
CVE-2016-7410 affects libdwarf 20160613 and can cause a denial of service through a buffer over-read in _dwarf_read_loc_section while processing a crafted file. The issue is mapped to CWE-125 and carries a CVSS 3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Public references in OSS-Security predate the NVD publication, indicating the issue was discussed before the CVE record was published on 2017-01-23.