Binutils
by GNU
Source repositories
CVEs (273)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3441 | 0.00 | — | 0.00 | Mar 15, 2026 | A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker… | |||
| CVE-2026-3442 | 0.00 | — | 0.00 | Mar 15, 2026 | A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful… | |||
| CVE-2025-69648 | 0.00 | — | 0.00 | Mar 9, 2026 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward… | |||
| CVE-2025-69647 | 0.00 | — | 0.00 | Mar 9, 2026 | GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress,… | |||
| CVE-2025-69651 | 0.00 | — | 0.00 | Mar 6, 2026 | GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain… | |||
| CVE-2025-69645 | 0.00 | — | 0.00 | Mar 6, 2026 | Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian,… | |||
| CVE-2025-69652 | 0.00 | — | 0.00 | Mar 6, 2026 | GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate… | |||
| CVE-2025-69649 | 0.00 | — | 0.00 | Mar 6, 2026 | GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a… | |||
| CVE-2025-69646 | 0.00 | — | 0.00 | Mar 6, 2026 | Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate,… | |||
| CVE-2025-66863 | 0.00 | — | 0.00 | Dec 29, 2025 | An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||
| CVE-2025-66861 | 0.00 | — | 0.00 | Dec 29, 2025 | An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | |||
| CVE-2025-66866 | 0.00 | — | 0.00 | Dec 29, 2025 | An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||
| CVE-2025-66864 | 0.00 | — | 0.00 | Dec 29, 2025 | An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||
| CVE-2025-66865 | 0.00 | — | 0.00 | Dec 29, 2025 | An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||
| CVE-2025-66862 | 0.00 | — | 0.00 | Dec 29, 2025 | A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | |||
| CVE-2025-1182 | 0.00 | — | 0.01 | Feb 11, 2025 | A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely.… | |||
| CVE-2025-1181 | 0.00 | — | 0.01 | Feb 11, 2025 | A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity… | |||
| CVE-2025-1180 | 0.00 | — | 0.01 | Feb 11, 2025 | A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack… | |||
| CVE-2025-1179 | 0.00 | — | 0.01 | Feb 11, 2025 | A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an… | |||
| CVE-2025-1178 | 0.00 | — | 0.01 | Feb 11, 2025 | A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The… |
- CVE-2026-3441Mar 15, 2026risk 0.00cvss —epss 0.00
A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker…
- CVE-2026-3442Mar 15, 2026risk 0.00cvss —epss 0.00
A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful…
- CVE-2025-69648Mar 9, 2026risk 0.00cvss —epss 0.00
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward…
- CVE-2025-69647Mar 9, 2026risk 0.00cvss —epss 0.00
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress,…
- CVE-2025-69651Mar 6, 2026risk 0.00cvss —epss 0.00
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain…
- CVE-2025-69645Mar 6, 2026risk 0.00cvss —epss 0.00
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian,…
- CVE-2025-69652Mar 6, 2026risk 0.00cvss —epss 0.00
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate…
- CVE-2025-69649Mar 6, 2026risk 0.00cvss —epss 0.00
GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a…
- CVE-2025-69646Mar 6, 2026risk 0.00cvss —epss 0.00
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate,…
- CVE-2025-66863Dec 29, 2025risk 0.00cvss —epss 0.00
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
- CVE-2025-66861Dec 29, 2025risk 0.00cvss —epss 0.00
An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.
- CVE-2025-66866Dec 29, 2025risk 0.00cvss —epss 0.00
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
- CVE-2025-66864Dec 29, 2025risk 0.00cvss —epss 0.00
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
- CVE-2025-66865Dec 29, 2025risk 0.00cvss —epss 0.00
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
- CVE-2025-66862Dec 29, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
- CVE-2025-1182Feb 11, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely.…
- CVE-2025-1181Feb 11, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity…
- CVE-2025-1180Feb 11, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack…
- CVE-2025-1179Feb 11, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an…
- CVE-2025-1178Feb 11, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The…
Page 9 of 14