Unrated severityNVD Advisory· Published Feb 10, 2025· Updated Apr 4, 2025
GNU Binutils format.c bfd_set_format memory corruption
CVE-2025-1153
Description
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.
Affected products
120- osv-coords118 versionspkg:apk/chainguard/binutilspkg:apk/chainguard/binutils-devpkg:apk/chainguard/binutils-docpkg:apk/chainguard/binutils-goldpkg:apk/wolfi/binutilspkg:apk/wolfi/binutils-devpkg:apk/wolfi/binutils-docpkg:apk/wolfi/binutils-goldpkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/bpftool&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-bpf-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-bpf-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-loongarch64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-pru-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-pru-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-x86_64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-x86_64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-xtensa-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-xtensa-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/openucx&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/perf&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/binutils&distro=SUSE%20Manager%20Proxy%20LTS%204.3pkg:rpm/suse/binutils&distro=SUSE%20Manager%20Server%20LTS%204.3pkg:rpm/suse/bpftool&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/bpftool&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/openucx&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/openucx&distro=SUSE%20Manager%20Proxy%20LTS%204.3pkg:rpm/suse/openucx&distro=SUSE%20Manager%20Server%20LTS%204.3pkg:rpm/suse/perf&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 2.45-r0+ 117 more
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-r0
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-1.2
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 1.15.0-150600.3.5.2
- (no CPE)range: < 6.4.0.git33229.a3afe13a7f-150600.3.17.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.15.0-150600.3.5.2
- (no CPE)range: < 1.17.0-150700.4.2.7
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 6.4.0.git33229.a3afe13a7f-150600.3.17.1
- (no CPE)range: < 6.4.0.git54263.0aad576b1c-150700.3.2.2
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- vuldb.commitrethird-party-advisory
- sourceware.org/bugzilla/show_bug.cgimitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
- www.gnu.orgmitreproduct
News mentions
0No linked articles in our index yet.