Debian Binutils vulnerabilities

285 known vulnerabilities affecting debian/binutils.

Total CVEs: 285
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 40, MEDIUM 23, LOW 219

Vulnerabilities

Page 2 of 15
CVE-2025-11083 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946
debian
CVE-2025-69652 | LOW | CVSS 6.2 | 2025
[MEDIUM] binutils - GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an un
debian
CVE-2025-11412 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c
debian
CVE-2025-66862 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2025-11081 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to instal
debian
CVE-2025-7545 | LOW | CVSS 4.8 | fixed in binutils 2.45-3 (forky) | 2025
[MEDIUM] binutils - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1
debian
CVE-2025-1176 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has bee
debian
CVE-2025-69645 | LOW | CVSS 5.5 | 2025
[MEDIUM] binutils - Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker c
debian
CVE-2025-5244 | LOW | CVSS 4.8 | fixed in binutils 2.45-3 (forky) | 2025
[MEDIUM] binutils - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to
debian
CVE-2025-1150 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclose
debian
CVE-2025-11494 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc
debian
CVE-2025-11082 | LOW | CVSS 4.8 | fixed in binutils 2.46-1 (forky) | 2025
[MEDIUM] binutils - A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca
debian
CVE-2025-69649 | LOW | CVSS 7.5 | 2025
[HIGH] binutils - GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the
debian
CVE-2025-1151 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the pub
debian
CVE-2025-69644 | LOW | CVSS 5.0 | 2025
[MEDIUM] binutils - An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior
debian
CVE-2025-1181 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been
debian
CVE-2025-1153 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to ad
debian
CVE-2025-7546 | LOW | CVSS 4.8 | fixed in binutils 2.45-3 (forky) | 2025
[MEDIUM] binutils - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch i
debian
CVE-2025-1182 | LOW | CVSS 2.3 | fixed in binutils 2.45-3 (forky) | 2025
[LOW] binutils - A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The e
debian
CVE-2025-3198 | LOW | CVSS 4.8 | fixed in binutils 2.45-3 (forky) | 2025
[MEDIUM] binutils - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6
debian