586 matches found
CLSA-2026-1779266445 binutils: Fix of 4 CVEs
CVE-2026-3441: XCOFF linker XTY_LD x_scnlen out-of-bounds read - CVE-2026-3442: XCOFF linker r_symndx out-of-bounds read in obj_xcoff_sym_hashes - CVE-2025-7545: objcopy heap buffer overflow on --interleave with crafted small input - CVE-2025-5245: objdump SEGV / NULL deref in debug_type_samep and...
Astra Linux - vulnerability in binutils
Heap-based Buffer Overflow in the bfd_getl32 function in Binutils objdump 3.37...
Astra Linux - vulnerability in binutils
There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...
Astra Linux - vulnerability in binutils
A vulnerability was discovered in Binutils objdump prior to version 2.39.3. Attackers can exploit this vulnerability to cause a denial of service or other unspecified effects through the bfd_mach_o_get_synthetic_symtab function in mach-o.c...
GNU Binutils objdump bucomm.c display_info memory leak
...
CLSA-2026-1778237657 binutils: Fix of 4 CVEs
CVE-2025-5244: fix ld segfault on fuzzed object via NULL group head - CVE-2025-5245: fix segv in objdump debug_type_samep and debug_write_type on incomplete enum types - CVE-2026-3441: fix xcofflink XTY_LD x_scnlen out-of-bounds index - CVE-2026-3442: fix xcofflink r_symndx out-of-bounds sym hash index...
Astra Linux - vulnerability in binutils
A vulnerability has been identified in GNU Binutils 2.43/2.44 and is classified as problematic. The vulnerability affects the display_info function in the binutils/bucomm.c file, which is part of the objdump component. This vulnerability causes a memory leak. The attack must be carried out locally...
Astra Linux - vulnerability in binutils
An issue was discovered in Binutils objdump before 2.39.3 that allows attackers to cause a denial of service or other unspecified impacts via the function compare_symbols...
Astra Linux - vulnerability in binutils
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump...
Astra Linux - vulnerability in binutils
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump...
Astra Linux - vulnerability in binutils
The finish_stab function in stabs.c of GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or potentially have unspecified other impacts, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during the execution of objdump...
Astra Linux - vulnerability in binutils
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability...
Astra Linux - vulnerability in binutils
An issue was discovered in the Binary File Descriptor (BFD) library, also known as libbfd, as distributed in GNU Binutils 2.31. A heap-based buffer overflow in the bfd_getl32 function in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be...
Astra Linux - vulnerability in binutils
A vulnerability classified as critical has been discovered in GNU Binutils version 2.44. This vulnerability affects the debug_type_samep function in the /binutils/debug.c file, belonging to the objdump component. The vulnerability causes memory corruption. Access to local resources is required to...
Astra Linux - vulnerability in binutils
The binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, and bfd_canonicalize_dynamic_reloc. This vulnerability can lead to Integer Overflow, which in turn triggers Heap Overflow. Successful exploitation of this vulnerability allows f...
Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015477)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015477 advisory. A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the...
Unity Linux 20.1070e Security Update: binutils (UTSA-2026-015474)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015474 advisory. A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file...
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
...
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
...
SUSE CVE-2025-69644
An issue was discovered in Binutils before 2.46. objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...