CVSS 3.1 score: 6.2
GNU Binutils: Denial of Service when processing malformed ELF files
DEBIAN-CVE-2025-69652
Summary
A security issue in the GNU Binutils readelf tool can cause it to crash when processing a specially crafted ELF file, potentially disrupting operations. This vulnerability does not allow an attacker to access or modify data, but it can stop the tool from functioning. To protect against this, consider updating to a newer version of the GNU Binutils package.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | binutils | All versions | – |
Original title
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete sta...
Original description
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
osv CVSS3.1: 6.2
- https://security-tracker.debian.org/tracker/CVE-2025-69652 Vendor Advisory
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026