VDB

DEBIAN-CVE-2025-11494

DEBIAN-CVE-2025-11494 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:12binutils2.45-3, 2.41-2, 2.40.50.20230510-1
Debian:11binutils2.41.50.20231010-1, 2.39-4, 2.39-5
Debian:13binutils0, 2.45.90.20260201-1, 2.45.90.20260125-1
Debian:14binutils2.45-1, 2.44.50.20250201-1, 2.45.90.20260201-1

Exploit Intelligence

Timeline

  • Oct 8, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›