5.0

Binutils: Malicious input file crashes objdump with endless output

CVE-2025-69644
Summary

Older versions of Binutils' objdump tool are vulnerable to a denial-of-service attack if given a specially crafted binary with incorrect debug information. This means an attacker could intentionally cause the tool to consume excessive resources, potentially slowing down or crashing the system. To fix this, update to the latest version of Binutils (2.46 or later).

What to do

No fix is available yet. Check with your software vendor for updates.
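
Until a fixed objdump is installed, untrusted files can be processed under a time limit and an output cap, so that the endless-output loop cannot exhaust CPU or disk. The wrapper below is an added example, not part of the advisory or of Binutils; `run_bounded`, its exit code 3, the limits, and the choice of `objdump --dwarf` are assumptions, and it relies on GNU `timeout` and `head -c`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the advisory or Binutils).
# run_bounded SECS MAX_BYTES OUTFILE CMD [ARGS...]
# Exit status:
#   3     output reached MAX_BYTES (this example's own convention)
#   124   GNU timeout killed CMD after SECS seconds
#   else  CMD's own exit status
run_bounded() (
    secs=$1; max_bytes=$2; out=$3; shift 3
    status_file=$(mktemp) || exit 2
    trap 'rm -f "$status_file"' EXIT

    # Left side: the tool under a wall-clock limit. Its exit status is saved
    # to a file because a POSIX pipeline only reports the last command's status.
    # Right side: head stops reading after max_bytes, so the output file cannot
    # grow without bound; the tool then fails on its next write to the pipe.
    { timeout "$secs" "$@" 2>&1; echo "$?" > "$status_file"; } |
        head -c "$max_bytes" > "$out"

    size=$(($(wc -c < "$out")))
    status=$(cat "$status_file")
    if [ "$size" -ge "$max_bytes" ]; then
        exit 3      # cap reached: treat the file as suspect
    fi
    exit "${status:-2}"
)

# Usage: sh bounded.sh suspect.o
# Assumption: the DWARF dump is requested with --dwarf; the advisory does not
# say which objdump options reach the flawed code.
if [ "$#" -gt 0 ]; then
    rc=0
    run_bounded 10 1048576 objdump-dwarf.txt objdump --dwarf "$1" || rc=$?
    echo "run_bounded exit status: $rc"
fi
```

A status of 3 or 124 from a pipeline step is a signal to quarantine the input file rather than retry it.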

Affected software
Vendor | Product | Affected versions | Fix available
gnu | binutils | <= 2.46 | –
Original title
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handli...
Original description
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.
Vulnerability type
CWE-400 Uncontrolled Resource Consumption
Published: 6 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026