Malformed ELF Binary Can Crash GNU Binutils' readelf Tool

UBUNTU-CVE-2025-69652
Summary

A flaw in GNU Binutils' readelf tool causes it to abort (SIGABRT) when it processes a specially crafted ELF binary with malformed DWARF debug information. The crash disrupts the tool's normal operation, but it does not appear to allow attackers to take control of a system. To ensure the tool's stability, update to a fixed version of GNU Binutils once one is available.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
canonical | binutils | All versions |
Original title
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete sta...
Original description
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026
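
While no fixed package is available, batch jobs that run readelf over untrusted binaries can contain the abort described above. The following is an added example, not part of the advisory or of Binutils: a POSIX shell wrapper that disables core dumps, reports exit status 134 (128 + SIGABRT) as a distinct verdict, and keeps processing the remaining files. The `READELF` override and the function names are assumptions, and `--debug-dump=info` is assumed to be the option that exercises the DWARF parsing.

```shell
#!/bin/sh
# Added example (not from the advisory): keep a batch job alive when readelf
# aborts on a malformed file. READELF is an assumed override hook for testing.
READELF=${READELF:-readelf}

# Map a shell exit status to a verdict. A process killed by signal N is
# reported by the shell as 128+N, and SIGABRT is signal 6, hence 134.
classify_status() {
    case "$1" in
        0)   echo ok ;;
        134) echo aborted ;;
        127) echo missing-tool ;;
        *)   if [ "$1" -gt 128 ]; then
                 echo "signal-$(( $1 - 128 ))"
             else
                 echo error
             fi ;;
    esac
}

# Dump DWARF .debug_info for one file in a subshell with core dumps disabled,
# discard the output, and print only the verdict. Always returns 0.
probe_debug_info() {
    status=0
    ( ulimit -c 0; "$READELF" --debug-dump=info "$1" ) >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Probe every file given, print "verdict<TAB>path" per file, and return 1 if
# any file made the tool abort so the caller can quarantine those inputs.
triage_elf_files() {
    rc=0
    for f in "$@"; do
        verdict=$(probe_debug_info "$f")
        printf '%s\t%s\n' "$verdict" "$f"
        if [ "$verdict" = aborted ]; then rc=1; fi
    done
    return "$rc"
}
```

Call `triage_elf_files` with the paths to check; files reported as `aborted` are candidates for quarantine rather than a reason to fail the whole job.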