7.5

GNU Binutils readelf: Denial of Service with Malformed ELF Binary

CVE-2025-69650
Summary

A security issue in GNU Binutils' readelf program can cause it to crash when processing a specially crafted ELF file. This could prevent the program from working, but it does not allow an attacker to take control of your system. Update to the latest version of GNU Binutils to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|--------|---------|-------------------|---------------|
| gnu | binutils | <= 2.46 | – |
Original title
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return ...
Original description
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.
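The pattern in the description, shown as an added example in C beside a hardened form. This is a model, not binutils source: `reloc_entry`, `parse_relocs`, `flawed_flow` and `hardened_flow` are hypothetical names, the "malformed" length check is constructed, and the flawed flow counts the never-assigned pointers rather than freeing them so it runs without undefined behavior.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the pattern; not binutils source code. */
typedef struct { unsigned long r_offset; char *r_symbol; } reloc_entry;

/* Fills out[0..n) on success; on malformed input returns 0 early, out[] untouched. */
static int parse_relocs(const unsigned char *data, size_t len,
                        reloc_entry *out, size_t n)
{
    if (n == 0 || len / 8 < n) return 0;  /* constructed "malformed data" check */
    for (size_t i = 0; i < n; i++) {
        out[i].r_offset = data[i * 8];
        out[i].r_symbol = malloc(4);
        if (out[i].r_symbol) memcpy(out[i].r_symbol, "sym", 4);
    }
    return 1;
}

/* Flawed flow: `all` (models all_relocations) is never initialized. Returns how
   many never-assigned pointers cleanup would pass to free(); counted, not freed. */
size_t flawed_flow(const unsigned char *data, size_t len, size_t n)
{
    reloc_entry *all = malloc(n * sizeof *all);
    size_t bogus = 0;
    if (!all) return 0;
    memset(all, 0xA5, n * sizeof *all);   /* stand-in for stale heap bytes */
    int ok = parse_relocs(data, len, all, n);
    for (size_t i = 0; i < n; i++) {
        if (ok) free(all[i].r_symbol);
        else if (all[i].r_symbol) bogus++; /* unguarded code would free() this */
    }
    free(all);
    return bogus;
}

/* Hardened flow: zeroed array (NULL on mainstream platforms), NULL after free. */
size_t hardened_flow(const unsigned char *data, size_t len, size_t n)
{
    reloc_entry *all = calloc(n, sizeof *all);
    size_t bogus = 0;
    if (!all) return 0;
    int ok = parse_relocs(data, len, all, n);
    for (size_t i = 0; i < n; i++) {
        if (!ok && all[i].r_symbol) bogus++;  /* stays 0: array was zeroed */
        free(all[i].r_symbol);                /* free(NULL) is a no-op */
        all[i].r_symbol = NULL;               /* a later pass cannot free it again */
    }
    free(all);
    return bogus;
}
```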
Vulnerability type
CWE-415
Published: 6 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026