CVE-2014-8737
EPSS 0.07%Published: 12/9/2014Modified: 4/28/2026
Description
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
Affected packages (2)
- Debian/binutilsfrom 0, < 2.24.90.20141124-1
- Debian/binutils-mingw-w64from 0, < 5.2