Binutils
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6846 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 22, 2026 | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to… |
| CVE-2026-6844 | | Med | 0.36 | 5.5 | 0.00 | | Apr 22, 2026 | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead… |
| CVE-2025-66864 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via crafted PE file. |
| CVE-2025-66861 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. |
| CVE-2025-66865 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via crafted PE file. |
| CVE-2025-66863 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via crafted PE file. |
| CVE-2023-25584 | | | 0.00 | — | 0.00 | | Sep 14, 2023 | An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. |
| CVE-2020-19726 | | | 0.00 | — | 0.01 | | Aug 22, 2023 | An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service. |
| CVE-2020-35507 | | | 0.00 | — | 0.01 | | Jan 4, 2021 | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application… |
| CVE-2020-35496 | | | 0.00 | — | 0.01 | | Jan 4, 2021 | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw… |
| CVE-2020-35495 | | | 0.00 | — | 0.01 | | Jan 4, 2021 | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions… |
| CVE-2020-35493 | | | 0.00 | — | 0.01 | | Jan 4, 2021 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to… |