Cumulative bugfix for IDA

Cumulative fix of potentially critical bugs found in IDA

  1. Vulnerability in the WinDbg debugger module, reported by –undisclosed– on 2011-04-10 at 01:58. A specially crafted idb file could lead to launching debugger on any file. This affects early copies of 6.1 running on MS Windows.

  2. Potential vulnerability in qrealloc() and qrealloc_or_throw(), reported by Masaaki Chida on 2011-04-20 at 17:58. We provide a fix for v6.1

  3. Vulnerability in idapython, reported by Greg MacManus on 2012-03-19 at 19:50. IDA could load some scripts with predetermined names from the directory with the input file. We provide fixes for both 6.1 and 6.2

  4. Vulnerability in the btree database engine triggered by a specially malformed database. We do not have POC code and it is not very likely that the vulnerability is exploitable, but we publish this fix anyway. The vulnerability was reported by Corey Kallenberg on 2012-04-09 at 18:44. We provide fixes for all versions >= 6.1 (we updated this fix on 2013-05-29; it would erroneously complain about some databases)

  5. Vulnerability in the .net processor module triggered by a specially crafted database. The vulnerability was reported by Masaaki Chida on 2013-07-07 at 01:33. We provide a fix for v6.3 and v6.4

  6. Vulnerability in the windbg plugin triggered by a specially crafted database. The vulnerability was reported by Masaaki Chida on 2013-07-15 at 19:14. We provide a fix for v6.4

  7. Vulnerability in the hint calculation triggered by a specially crafted database. The vulnerability was reported by Masaaki Chida on 2013-07-21 at 11:13. We provide a fix for v6.4

  8. Vulnerability in the mach-o loader triggered by a specially crafted input file. The vulnerability was reported by George Hotz on 2014-01-05 at 01:07. We provide a fix for IDA version v6.4. IDA v6.5 build 140115 includes the fix, so there is no need in a separate fix for it.

  9. Vulnerability in the kernel triggered by a specially malformed database. The TIL part of the malformed database could be used to trigger the vulnerability. The vulnerability was reported by Tadashi Kobayashi on 2014-06-09 at 17:52. We provide a fix for v6.5 and v6.6.

  10. qrealloc() could manage to allocate 0xDEADBEEF bytes on Linux64. This value was used to force a std:bad_alloc() exception, and a successful memory allocation was not what other parts of IDA were expecting. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.

  11. COFF: maliciously truncated symbol table could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.

  12. EPOC: a specially crafted input file could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.

  13. DEX: a specially crafted input file could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.

  14. PEF: a specially crafted input file could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.

  15. EPOC, ELF, PE: a specially crafted input file could lead to a memory corruption. These bugs were reported by Robert Święcki on 2014-11-19 at 23:34.

  16. A double free() call in the kernel could be triggered with a specially crafted input file. The bug was reported by Mateusz Jurczyk on 2014-11-26 at 12:07.

  17. A double free() call the .net loader could be triggered with a specially crafted input file. The bug was reported by Mateusz Jurczyk on 2014-11-26 at 12:07.

  18. DEX: a classical stack buffer overflow could occur when loading a specially crafted input file. The bug was reported by Mateusz Jurczyk on 2014-11-26 at 12:07.

  19. PE: a specially crafted input file could lead to a memory corruption. The bug was reported by Robert Święcki on 2014-12-03 at 01:59.

  20. GDB: a malicious gdbserver could cause a heap buffer overflow. The bug was reported by George Nosenko on 2014-12-19 at 20:15.

  21. Heap corruption bug in the COFF loader. The bug was reported by Mateusz Jurczyk on 2015-01-08 at 20:48.

  22. Format string vulnerability in the COFF loader. The bug was reported by Mateusz Jurczyk on 2015-01-08 at 20:48.

  23. 4 bugs in the rpc protocol between IDA and debugger servers. The bugs were reported by Mateusz Jurczyk on 2015-01-14 at 12:08.

  24. 3 bugs causing memory corruptions when handling a broken B-tree. The bugs were reported by Mateusz Jurczyk on 2015-01-27 at 21:08.

  25. Incorrect number of function entries in the database could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2015-01-27 at 21:08.

  26. Overflow of an array bounds when generating a disassembly line caused by a corrupted database. The bug was reported by Mateusz Jurczyk on 2015-01-27 at 21:08.

  27. ARM: overflow of an array bounds in the case of incorrect IT block descriptor in the database. The bug was reported by Mateusz Jurczyk on 2015-01-27 at 21:08.

  28. PE: a specially crafted input file could lead to a heap corruption. We provide a fix for v6.8. The bug was reported by Mateusz Jurczyk on 2015-11-17 at 14:36.

  29. PE: a specially crafted input file could lead to a static buffer overflow. We provide a fix for v6.8. The bug was reported by Mateusz Jurczyk on 2015-11-17 at 14:36.

  30. IDA was rendering text as HTML without sanitizing it. While this is does not lead to RCE, we will consider this as a security bug and provide a fix for v7.2. The bug was reported by Ryota Shiga on 2019-01-29 at 06:53.

  31. A malicious client could invoke commands on a password-protected debug server without a password. We provide fixes for IDA 7.0 to 7.4. The bug was reported by Ryota Shiga on 2019-11-14 at 10:09.

  32. The DWARF plugin could perform a use-after-free during stack unwinding, on some DWARF input files. We provide a fix only for IDA 7.5. The bug was reported by Axel ‘0vercl0k’ Souchet on 2020-07-31.

  33. The DWARF plugin could perform a use-after-free during stack unwinding, on some DWARF input files. The dwarf library had out-of-bound memory accesses. We provide a fix only for IDA 7.5. The bug was reported by Axel ‘0vercl0k’ Souchet on 2020-08-06.

  34. Multiple bugs in libdwarf. The bugs were reported by Lei Sun of Ocean University of China on 2020-09-05. We provide a fix only for IDA 7.5.

  35. A dereference of a wild pointer when reading corrupted pdb files. The bug was reported by Axel ‘0vercl0k’ Souchet on 2020-09-08. We provide a fix only for IDA 7.5.

  36. A double-free vulnerability in libdwarf. The bug was reported by bee13oy of Kunlun Lab. We provide a fix only for IDA 7.7

Last updated

Logo

Need Help?

FAQsSupport

Community

ForumPlugins

© 2025 Copyright Hex-Rays