CLSA-2026-1778674192 Fix CVE(s): CVE-2026-3441, CVE-2026-3442
SECURITY UPDATE: heap-based OOB read in xcoff_link_add_symbols bfd/xcofflink.c triggered by a crafted XCOFF object file - debian/patches/binutils-CVE-2026-3441-3442.patch: bounds-check XTY_LD x_scnlen csect index and sanity-check r_symndx before indexing sym_hashes - CVE-2026-3441 - CVE-2026-3442...
CLSA-2026-1778237657 binutils: Fix of 4 CVEs
CVE-2025-5244: fix ld segfault on fuzzed object via NULL group head - CVE-2025-5245: fix segv in objdump debug_type_samep and debug_write_type on incomplete enum types - CVE-2026-3441: fix xcofflink XTY_LD x_scnlen out-of-bounds index - CVE-2026-3442: fix xcofflink r_symndx out-of-bounds sym hash index...
CLSA-2026-1777949670 binutils: Fix of 8 CVEs
CVE-2025-11412: fix out-of-bounds read in bfd_elf_gc_record_vtentry - CVE-2025-11413: fix out-of-bounds read in elf_link_add_object_symbols - CVE-2025-11839: fix abort in tg_tag_type with fuzzed input - CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing - CVE-2025-3198: fix memory leak...
Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
CLSA-2026-1775726631 binutils: Fix of 9 CVEs
CVE-2023-1972: fix heap buffer overflow in _bfd_elf_slurp_version_tables - CVE-2025-11412: fix out-of-bounds read in bfd_elf_gc_record_vtentry - CVE-2025-11413: fix out-of-bounds read in elf_link_add_object_symbols - CVE-2025-11839: fix abort in tg_tag_type with fuzzed input - CVE-2025-11840: fix SEGV from NULL...
EUVD-2026-24714
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...
CVE-2026-6846
CVE-2026-6846 describes a heap-buffer-overflow in GNU binutils during linking when processing a specially crafted XCOFF object file. The vulnerability affects the XCOFF handling code, where a crafted file can trigger arbitrary code execution or a denial of service. The advisory notes local exploi...
Linux Distros Unpatched Vulnerability : CVE-2026-6846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object fi...
PT-2026-34314
Name of the Vulnerable Software and Affected Versions: binutils (affected versions not specified). Description: A heap-buffer-overflow occurs when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing thi...
Red Hat Enterprise Linux security vulnerability
Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a security vulnerability. This vulnerability stems from improper handling of special XCOFF object files during linking. A local attacker can trick users into...
CLSA-2026-1776069305 binutils: Fix of 2 CVEs
CVE-2026-3441, CVE-2026-3442: fix out-of-bounds read in XCOFF relocation processing...
CLSA-2026-1776156000 binutils: Fix of 4 CVEs
CVE-2025-5244: fix NULL deref in elf_gc_sweep with empty groups - CVE-2025-5245: fix SEGV in debug_type_samep - CVE-2026-3441 CVE-2026-3442: fix out-of-bounds read in XCOFF relocation processing...
CLSA-2026-1776156481 Fix of 5 CVEs
SECURITY UPDATE: fix heap buffer overflow in _bfd_elf_parse_eh_frame - debian/patches/CVE-2025-11082.patch: fix heap buffer overflow in _bfd_elf_parse_eh_frame - CVE-2025-11082 SECURITY UPDATE: fix NULL deref in elf_gc_sweep with empty groups - debian/patches/CVE-2025-5244.patch: fix NULL deref in elf_gc_sweep...
CLSA-2026-1776069613 Fix CVE(s): CVE-2026-3441, CVE-2026-3442
SECURITY UPDATE: buffer overflow in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: properly bounds check XTY_LD x_scnlen index in xcoff_link_add_symbols - CVE-2026-3441 SECURITY UPDATE: out-of-bounds read in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: sanity check...
CLSA-2026-1775722568 binutils: Fix of 4 CVEs
CVE-2025-5244: fix NULL pointer dereference in elf_gc_sweep for empty section groups - CVE-2025-5245: fix memory corruption in debug_type_samep incorrect NULL check - CVE-2026-3441: fix out-of-bounds read in xcoff_link_add_symbols x_scnlen bounds check - CVE-2026-3442: fix out-of-bounds read in...