OVAL

ALAS2-2019-1185 --- binutils

ID: oval:org.secpod.oval:def:1700146
Date: (C)2019-04-01   (M)2023-12-20
Class: PATCH
Family: unix




The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.

The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

The setup_group function in elf.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service via a group section that is too small.

The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.

The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.

The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.

The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.

The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.

The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.

The bfd_make_section_with_flags function in section.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.

The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.

The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor library, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.

Platform:
Amazon Linux 2
Product:
binutils
Reference:
ALAS2-2019-1185
CVE-2017-12449
CVE-2017-12448
CVE-2017-12458
CVE-2017-12459
CVE-2017-12452
CVE-2017-12453
CVE-2017-12450
CVE-2017-12451
CVE-2017-12456
CVE-2017-12457
CVE-2017-12454
CVE-2017-12455
CVE-2017-13710
CPE    2
cpe:/o:amazon:linux:2
cpe:/a:sourceware:binutils

© SecPod Technologies