15 matches found
CVE-2026-3442
CVE-2026-3442 is a reported heap-based buffer overflow in the GNU Binutils bfd linker, caused by a missing r_symndx bounds check in xcoff_link_add_symbols. Exploitation would involve processing a crafted XCOFF object file and could lead to information disclosure or an application crash/DoS. Multi...
CVE-2025-69649
CVE-2025-69649 affects GNU Binutils up to version 2.46 (readelf). A vulnerability in relocation processing can pass an invalid or null section pointer to display_relocations(), causing a null pointer dereference that leads to a segmentation fault (SIGSEGV) and process termination. The available s...
CVE-2026-6846
CVE-2026-6846 describes a heap-buffer-overflow in GNU binutils during linking when processing a specially crafted XCOFF object file. The vulnerability affects the XCOFF handling code, where a crafted file can trigger arbitrary code execution or a denial of service. The advisory notes local exploi...
CVE-2025-69651
CVE-2025-69651 affects GNU Binutils through version 2.46, specifically the readelf component. The vulnerability arises from an invalid pointer free when parsing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations exits early, the internal all_relocations array may b...
CVE-2026-3441
CVE-2026-3441 affects GNU Binutils, specifically an out-of-bounds read in the xcoff linker (bfd) triggered by processing a crafted XCOFF object file. The root cause is an out-of-bounds read in xcoff_link_add_symbols due to a bounds check issue on x_scnlen, leading to potential information disclos...
CVE-2025-69650
CVE-2025-69650 affects GNU Binutils up to version 2.46, specifically the readelf tool. The vulnerability arises during GOT relocation handling: dump_relocations may return early and fail to initialize the all_relocations array, causing process_got_section_contents() to pass an uninitialized r_sym...
CVE-2025-69652
GNU Binutils readelf (up to version 2.46) contains a vulnerability when processing crafted ELF binaries with malformed DWARF/debug info. Root cause: incomplete cleanup in process_debug_info can leave invalid debug_info_p state, causing a fatal abort in byte_get_little_endian() for certain zero-le...
CVE-2026-6844
CVE-2026-6844 affects the readelf utility in the binutils package. A crafted ELF file can trigger two DoS conditions: (1) resource exhaustion leading to out-of-memory and (2) a null pointer dereference causing a segmentation fault. Both can render readelf unresponsive or crash, resulting in denia...
CVE-2026-4647
The CVE-2026-4647 issue affects the GNU Binutils BFD library when handling XCOFF object files. A relocation type value is not properly validated before use, allowing an out-of-bounds read. This can cause tools that process XCOFF binaries to crash or expose unintended memory contents, leading to d...
CVE-2025-69645
CVE-2025-69645 affects binutils objdump with a flaw in DWARF compilation unit handling that can drive an invalid offset_size into byte_get_little_endian, triggering a SIGABRT on crafted inputs. The issue is documented for binutils 2.44; several connected sources note a patch/release upgrade path ...
CVE-2025-69644
CVE-2025-69644 affects Binutils before 2.46, where objdump may loop indefinitely when parsing crafted binaries with malformed DWARF debug information due to a logic flaw in DWARF location list header handling. This can cause unbounded resource consumption and endless output, enabling a local atta...
CVE-2026-6845
CVE-2026-6845 : A flaw in binutils/readelf allows a local attacker to trigger a Denial of Service by processing a specially crafted ELF file. The vulnerability arises during ELF processing and can cause the host to become unresponsive due to excessive resource consumption or a program crash. CVSS...
CVE-2025-69648
CVE-2025-69648 affects GNU Binutils readelf (up to 2.45.1) and related mingw-binutils packages. The issue is a logic flaw in the DWARF parser when handling crafted binaries with malformed .debug_rnglists data, causing readelf to print the same warning in a loop and not make forward progress, resu...
CVE-2025-69647
CVE-2025-69647 affects GNU Binutils readelf before or up to 2.45.1. A logic flaw in the DWARF loclists parser can cause readelf to loop indefinitely while processing a crafted binary, consuming CPU and I/O and effectively denying analysis progress. This is triggered by a malicious input file and ...
CVE-2025-69646
CVE-2025-69646 affects GNU Binutils’ objdump. A logic error in handling the debug_rnglists header when processing a crafted binary (notably seen in binutils 2.44) can cause an unbounded logging loop, consuming CPU/I/O and preventing completion of objdump analysis. Affected component: objdump in b...