DEBIAN-CVE-2025-69652

DEBIAN-CVE-2025-69652 PUBLISHED CVSS 6.199999809265137 MEDIUM

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	binutils	0, 2.44.50.20250201-1, 2.44.50.20250218-1
Debian:11	binutils	2.43.1-1, 2.39.50.20221101-1, 2.41.50.20231206-1
Debian:12	binutils	2.42.90.20240720-2, 2.42.50.20240625-1, 2.42.50.20240710-1
Debian:14	binutils	2.44.50.20250201-1, 2.44.50.20250218-1, 2.44.50.20250218-2

Timeline

Mar 6, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-69652 advisory

Open in Interactive Console →