In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.
[
{
"source": "https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d",
"id": "CVE-2022-38533-030dfa08",
"digest": {
"length": 9712.0,
"function_hash": "332413297776313448966524875052800052334"
},
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "rewrite_elf_program_header",
"file": "bfd/elf.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d",
"id": "CVE-2022-38533-4c4cde53",
"digest": {
"threshold": 0.9,
"line_hashes": [
"149029473871860548324480604998133952444",
"217609173551310310701258569961425869215",
"170149309778449397640395391321816418642",
"276878819425846276782996098825930281545",
"285342024254011459145580660705584373775",
"193582763732123672908882155485252175318",
"326545393905433237533783410738096202383",
"171630553877019943542131362566125605853",
"97151495383958162279592705099216122242",
"159760987822494799654152448905034363825",
"188447099707096283713517930329545344975",
"115346637512579585538827543086618410391",
"148958682375105540849438615245377036104",
"334282771154434989938545715625292503862",
"200470558747012186253083602013113789716",
"317994894263218489511607831411065991293",
"333576098762843076370116196683673772989",
"113308214672171244127627810099081622751",
"216289576259920944867562733480758742111",
"6274354837222461728167765527342726382",
"316589153563028815703021731002519531157",
"211374570069147064785622022929958045782",
"121978540467834153128969542617947311091",
"233460274549642964130720797390166984736",
"24227899525747664508550420050172022363",
"43389512826083450321666401899542578199",
"78540512657816499386625671046541221854",
"92405140721940736828365406635137012229",
"195903870595619094245647509641833823164",
"26018002126362956748985910057494202814",
"60558764109962063115060689283559862721",
"145785861773677525490143483071625857014",
"69280688614020537965796673453902882072",
"197104975362241622506738961307226177470",
"109969443427133551028491353403782263251",
"72587751977253068134479550431661761011",
"216407608999525327096594962794988279519",
"110958967916851349800709545673230176103",
"135578896323735789101976436602008645630",
"247134669159655148214506783203143417105",
"116977621780461369488270776926728513871",
"201277095123555800430218466625895133318",
"101315680032148608188870605248272664788",
"237995433699584636544982915281963615200",
"166520691472516233675580165762862155569",
"79889505944332871469079795904011162282",
"277104911392485160768273061126561361984",
"114031204288805461549170748968117852145",
"257736362726639966511726425039544953975",
"284958034674804224588748958336540923669",
"78385707232226559543119066228460110850",
"86803042968252157858487167231857858297",
"279704641081398348362244377331773699264",
"254804579316186167639938463686432729495",
"156488139544942601607100351152523606018",
"90095446267817960699953989043588858569",
"54555557768444728467384872537941687139",
"298674768123171383535595905414419997357",
"298946376832001904026207322183664534677",
"328089739743281623750206950624881905373",
"213455958317866953110615591475286009519",
"90942058358003506028967061154097103033",
"8540962996678207674336472683613923711",
"109497982907299278275593735175649801020",
"134298070700315138175877407222283195204",
"289668094356811786687730422168093128680",
"117255194439813766018291315382750188739",
"306442360549080824806152076147541429863",
"142096752717261487482346100774694954735",
"29094393229654198769761434670410029958",
"267310887969248375746584359932751213812",
"182036334185516183399357340594074903760",
"76741422175086959351862212554688381890",
"215028612319009771390928586774464870573",
"114061119311383887559342956675820194912",
"174320445088955438644943171046813931213"
]
},
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "bfd/elf.c"
},
"signature_type": "Line"
}
]