6.2
GNU Binutils readelf crashes with malformed ELF file
CVE-2025-69652
Summary
A malicious ELF file can cause the readelf tool to crash. This vulnerability affects the readelf tool in GNU Binutils versions up to 2.46. To mitigate this issue, update to a newer version of GNU Binutils.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gnu | binutils | <= 2.46 | – |
Original title
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete sta...
Original description
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.
Vulnerability type
CWE-460
Published: 6 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026
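
Because the failure described above is an abort (SIGABRT) limited to denial of service, a pipeline that runs readelf on untrusted files can contain it by running the tool in a child process and classifying the exit status. The script below is an added example, not code from this page or from GNU Binutils; the function names, the `READELF` override variable and the verdict strings are assumptions.

```shell
#!/bin/sh
# Added example: contain a readelf abort while dumping DWARF from untrusted ELF files.
# Function names, READELF and the verdict strings are hypothetical.

# Map a child exit status to a triage verdict.
classify_status() {
    case "$1" in
        0)       echo ok ;;
        134)     echo aborted ;;        # 128 + SIGABRT (6): the failure this advisory describes
        126|127) echo unavailable ;;    # tool not executable or not found
        *)
            if [ "$1" -gt 128 ]; then
                echo "signal-$(( $1 - 128 ))"   # killed by some other signal
            else
                echo error                      # ordinary non-zero exit
            fi
            ;;
    esac
}

# Run a command in a child process with core dumps disabled, discard its
# output, and print a verdict instead of propagating the failure.
run_guarded() {
    rc=0
    ( ulimit -c 0 2>/dev/null; exec "$@" ) >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# Exercise the DWARF info and abbrev parsers named in the description.
triage_elf() {
    run_guarded "${READELF:-readelf}" --debug-dump=info --debug-dump=abbrev -- "$1"
}

# When invoked with file arguments, print one "verdict<TAB>path" line per file.
for f in "$@"; do
    printf '%s\t%s\n' "$(triage_elf "$f")" "$f"
done
```

Files that come back as `aborted` can be quarantined or skipped without stopping the rest of the batch.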