Debian Binutils vulnerabilities

285 known vulnerabilities affecting debian/binutils.

Total CVEs: 285
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 40, MEDIUM 23, LOW 219

Vulnerabilities

Page 1 of 15
CVE-2026-3442 | LOW | CVSS 6.1 | 2026
[MEDIUM] binutils - A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the applicatio
debian
CVE-2026-3441 | LOW | CVSS 6.1 | 2026
[MEDIUM] binutils - A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application le
debian
CVE-2026-4647 | LOW | CVSS 6.1 | 2026
[MEDIUM] binutils - A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result,
debian
CVE-2025-69650 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a doubl
debian
CVE-2025-1149 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been
debian
CVE-2025-1180 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult.
debian
CVE-2025-66865 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-8224 | LOW | CVSS 4.8 | fixed in binutils 2.43.1-4 (forky) | 2025
[MEDIUM] binutils - A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The
debian
CVE-2025-66866 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-66864 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-8225 | LOW | CVSS 4.8 | fixed in binutils 2.45-3 (forky) | 2025
[MEDIUM] binutils - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to
debian
CVE-2025-11495 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f
debian
CVE-2025-5245 | LOW | CVSS 4.8 | fixed in binutils 2.45-3 (forky) | 2025
[MEDIUM] binutils - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a
debian
CVE-2025-1147 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation a
debian
CVE-2025-11840 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to
debian
CVE-2025-69646 | LOW | CVSS 5.5 | 2025
[MEDIUM] binutils - Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue wa
debian
CVE-2025-1148 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclo
debian
CVE-2025-0840 | LOW | CVSS 6.3 | fixed in binutils 2.43.90.20250122-1 (forky) | 2025
[MEDIUM] binutils - A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be
debian
CVE-2025-66863 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-1152 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the publ
debian