VDB

DEBIAN-CVE-2025-69645

DEBIAN-CVE-2025-69645 PUBLISHED CVSS 5.5 MEDIUM

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:11binutils2.40.50.20230611-1, 2.36.1-5, 2.36.50.20210601-1
Debian:12binutils2.41-7, 2.44.50.20250405-1, 2.44.50.20250502-1
Debian:14binutils2.44.50.20250201-1, 0, 2.44-3
Debian:13binutils0, 2.44.50.20250207-1, 2.44.50.20250218-1

Timeline

  • Mar 6, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›