CVE-2025-69647 — Infinite Loop in Binutils

CWE-835 — Infinite Loop9 documents9 sources

Severity

6.2MEDIUMNVD

EPSS

0.0%

top 95.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedMar 9

Latest updateMar 16

Description

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing r…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

▶NVDgnu/binutils2.45.1

Patches

Patch: sourceware.org ↗

🔴Vulnerability Details

GHSA

GHSA-pqfr-x96j-g24p: GNU Binutils thru 2↗2026-03-09

▶

CVEList

CVE-2025-69647: GNU Binutils thru 2↗2026-03-09

▶

OSV

CVE-2025-69647: GNU Binutils thru 2↗2026-03-09

▶

📋Vendor Advisories

Microsoft

CVE-2025-69647: Mariner: Mariner mitre: mitre Customer Action Required: Yes↗2026-03-10

▶

Red Hat

binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data↗2026-03-09

▶

Debian

CVE-2025-69647: binutils - GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-69647 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2025-69647 mingw-binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data [fedora-all]↗2026-03-16

▶