VDB
DEBIAN-CVE-2025-11494
DEBIAN-CVE-2025-11494
PUBLISHED
CVSS 5.5 MEDIUM
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | binutils | 2.45-3, 2.41-2, 2.40.50.20230510-1 |
| Debian:11 | binutils | 2.41.50.20231010-1, 2.39-4, 2.39-5 |
| Debian:13 | binutils | 0, 2.45.90.20260201-1, 2.45.90.20260125-1 |
| Debian:14 | binutils | 2.45-1, 2.44.50.20250201-1, 2.45.90.20260201-1 |
Exploit Intelligence
- 7919-1.json (github-poc)
- version.py (github-poc)
Timeline
- Oct 8, 2025 CVE Published
- Apr 28, 2026 CVE Updated