DEBIAN-CVE-2025-69649

DEBIAN-CVE-2025-69649 PUBLISHED CVSS 7.5 HIGH

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	binutils	2.46.50.20260216-1, 2.45-5, 2.44.50.20250218-2
Debian:12	binutils	2.43.50.20241215-1, 2.40.50.20230501-1, 2.40.50.20230111-1
Debian:11	binutils	2.42.90.20240720-2, 2.43.1-4, 2.43.1-5
Debian:13	binutils	2.45.50.20251023-1, 2.46.50.20260216-1, 2.46-3

Exploit Intelligence

test_scrapers.py (github-poc)

Timeline

Mar 6, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-69649 advisory

Open in Interactive Console →