Copyright © 2012 Red Hat, Inc. All rights reserved. Low 2026-03-06T00:00:00 binutils: abort in readelf via crafted ELF binary with malformed DWARF abbrev or debug information 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CWE-617

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF abbrev or debug information with the readelf program using the -w abbrev command line option can trigger an abort, causing a crash and resulting in a denial of service.

This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this reachable abort is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with readelf. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security. To mitigate this vulnerability, do not process untrusted, unverified or externally supplied ELF binaries with the readelf program. Red Hat Enterprise Linux 10 Fix deferred binutils Red Hat Enterprise Linux 10 Fix deferred gcc-toolset-15-binutils Red Hat Enterprise Linux 10 Fix deferred gdb Red Hat Enterprise Linux 10 Fix deferred mingw-binutils Red Hat Enterprise Linux 6 Fix deferred binutils Red Hat Enterprise Linux 7 Fix deferred binutils Red Hat Enterprise Linux 7 Fix deferred gdb Red Hat Enterprise Linux 8 Fix deferred binutils Red Hat Enterprise Linux 8 Fix deferred gcc-toolset-14-binutils Red Hat Enterprise Linux 8 Fix deferred gcc-toolset-14-gdb Red Hat Enterprise Linux 8 Fix deferred gcc-toolset-15-binutils Red Hat Enterprise Linux 8 Fix deferred gcc-toolset-15-gdb Red Hat Enterprise Linux 8 Fix deferred gdb Red Hat Enterprise Linux 8 Fix deferred mingw-binutils Red Hat Enterprise Linux 9 Fix deferred binutils Red Hat Enterprise Linux 9 Fix deferred gcc-toolset-14-binutils Red Hat Enterprise Linux 9 Fix deferred gcc-toolset-15-binutils Red Hat Enterprise Linux 9 Fix deferred gdb Red Hat Enterprise Linux 9 Fix deferred mingw-binutils Red Hat Hardened Images Affected binutils Red Hat OpenShift Container Platform 4 Fix deferred rhcos https://www.cve.org/CVERecord?id=CVE-2025-69652 https://nvd.nist.gov/vuln/detail/CVE-2025-69652 https://sourceware.org/bugzilla/show_bug.cgi?id=33701 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01