Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Binutils objdump crashes when processing malformed debug data
UBUNTU-CVE-2025-69645
Summary
A flaw in Binutils objdump can cause the program to crash if it's given a specially crafted binary with incorrect debugging information. This could be exploited by a malicious user to disrupt the system. Update to the latest version of Binutils to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | binutils | All versions | – |
| canonical | binutils | All versions | – |
| canonical | binutils | All versions | – |
| canonical | binutils | All versions | – |
| canonical | binutils | All versions | – |
| canonical | binutils | All versions | – |
| canonical | binutils | All versions | – |
Original title
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can res...
Original description
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
- https://ubuntu.com/security/CVE-2025-69645 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-69645 Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=33637 Third Party Advisory
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b... Third Party Advisory
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026