Advisories for Pypi/Lief package

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.

A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF prior to version 0.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. A patch for this issue is available at commit fde2c48986739fabd2cf9b40b9af149a89c57850.

A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. A patch is available at commit number 24935f654f6df700a9a062298258b9485f584502.

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.

LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.

An issue was discovered in LIEF prior to version 0.11.0. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.