7.5

GNU Binutils readelf crashes when processing malformed ELF files

CVE-2025-69649
Summary

readelf, a tool in GNU Binutils used for analyzing binary files, can crash if given a specially crafted ELF file with malformed header fields. This could cause the tool to stop working, but it does not appear to allow an attacker to access or modify the system in any way. Users should update to the latest version of the tool to avoid crashes.

What to do

No fix is available yet. Check with your software vendor for updates.
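
One way to keep a readelf crash from taking down a pipeline that inspects untrusted ELF files, shown as an added example that is not part of the original advisory or of Binutils: run the tool in a child process and treat termination by a signal as a crash verdict for the file. The function name `run_isolated`, the `readelf --relocs --wide` invocation and the timeout value are assumptions made for illustration.

```python
import signal
import subprocess
import sys

# Assumed invocation: --relocs asks readelf to display relocations, the
# processing stage the advisory names. Adjust to what your pipeline runs.
READELF_CMD = ("readelf", "--relocs", "--wide")


def run_isolated(path, cmd=READELF_CMD, timeout=10):
    """Run an ELF inspection command on an untrusted file in a child process.

    Returns (status, detail); status is "ok", "rejected", "crashed",
    "timeout" or "missing". A misbehaving child never raises here.
    """
    try:
        proc = subprocess.run(
            [*cmd, "--", path],  # "--" stops a hostile filename being read as an option
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            timeout=timeout,
        )
    except FileNotFoundError:
        return "missing", f"{cmd[0]} not found"
    except subprocess.TimeoutExpired:
        return "timeout", f"killed after {timeout}s"

    if proc.returncode < 0:
        # Negative return code: the child was terminated by a signal.
        # A NULL pointer dereference surfaces here as SIGSEGV.
        try:
            return "crashed", signal.Signals(-proc.returncode).name
        except ValueError:
            return "crashed", f"signal {-proc.returncode}"
    if proc.returncode != 0:
        return "rejected", proc.stderr.decode(errors="replace").strip()
    return "ok", proc.stdout.decode(errors="replace")


if __name__ == "__main__":
    status, detail = run_isolated(sys.argv[1])
    print(status if status == "ok" else f"{status}: {detail}")
    # A non-zero exit lets a CI job or triage script quarantine the sample.
    sys.exit(0 if status == "ok" else 1)
```

A "crashed" result with SIGSEGV on a given file is worth logging together with the file's hash, so the sample can be set aside and re-tested once a fixed release is available.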

Affected software

| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gnu | binutils | <= 2.46 | – |

Original title
GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null ...
Original description
GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.
Vulnerability type
CWE-476 NULL Pointer Dereference
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026