CVE-2026-4647
Severity
6.1MEDIUM
EPSS
0.0%
top 98.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 23
Description
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:HExploitability: 1.8 | Impact: 4.2
Affected Packages0 packages
Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0
🔴Vulnerability Details
3CVEList
▶
OSV▶
CVE-2026-4647: A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables↗2026-03-23
GHSA▶
GHSA-v858-p3pc-hqjh: A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables↗2026-03-23
📋Vendor Advisories
3Red Hat
▶
Microsoft
▶
Debian▶
CVE-2026-4647: binutils - A flaw was found in the GNU Binutils BFD library, a widely used component for ha...↗2026
🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2026-4647 mingw-binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library [fedora-all]↗2026-03-23