
GNU Binutils readelf crashes when processing malformed ELF files

UBUNTU-CVE-2025-69650
Summary

Using a specially crafted ELF file, an attacker can crash the readelf program, causing it to stop working. This happens when readelf tries to process a file with incorrect relocation data. To stay safe, update to a newer version of GNU Binutils, version 2.47 or later, to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
canonical | binutils | All versions |
Original title
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return ...
Original description
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026
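
The bug class in the original description (a producer that returns early without initializing an array, and cleanup code that later frees pointers from it) can be closed off as in the following added example. It is a constructed model, not binutils source; `reloc_table`, `collect_relocs`, `release_relocs` and the `malformed` flag are hypothetical names used only for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the bug class; NOT binutils source. Names are hypothetical. */
struct reloc_entry { char *r_symbol; };
struct reloc_table {
    struct reloc_entry *entries;
    size_t count;               /* entries whose r_symbol was actually set */
};

/* Vulnerable shape (described, not compiled): the producer returns early on
 * bad input without initializing the array, and the consumer still calls
 * free(entries[i].r_symbol) on every slot, i.e. on indeterminate pointers. */

/* Hardened producer: the table is in a defined, empty state before any
 * early return, and count only grows as entries are fully initialized. */
int collect_relocs(struct reloc_table *t, const char *const *names,
                   size_t n, int malformed)
{
    t->entries = NULL;
    t->count = 0;
    if (malformed || n == 0)
        return -1;                      /* early exit leaves nothing to free */
    t->entries = calloc(n, sizeof *t->entries);   /* every r_symbol == NULL */
    if (t->entries == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]) + 1;
        char *copy = malloc(len);
        if (copy == NULL)
            return -1;                  /* partial table; count stays accurate */
        memcpy(copy, names[i], len);
        t->entries[i].r_symbol = copy;
        t->count++;
    }
    return 0;
}

/* Hardened consumer: frees only initialized entries, then resets the table
 * so that a second call is a no-op. Returns the number of symbols freed. */
size_t release_relocs(struct reloc_table *t)
{
    size_t freed = t->count;
    for (size_t i = 0; i < t->count; i++)
        free(t->entries[i].r_symbol);
    free(t->entries);                   /* free(NULL) is defined to do nothing */
    t->entries = NULL;
    t->count = 0;
    return freed;
}
```

Building the real tool with AddressSanitizer (`-fsanitize=address`) reports frees of invalid or already-freed pointers at the faulting call, which helps confirm that a cleanup path like this one is the cause of a SIGABRT.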