binutils

The recently disclosed CVE‑2025‑7546 is a memory‑corruption bug in GNU Binutils 2.45 that allows a crafted ELF group section to trigger an out‑of‑bounds write in the BFD (Binary File Descriptor) library’s ELF handler — specifically in the function bfd_elf_set_group_contents inside bfd/elf.c. The...

A subtle bounds-checking bug in GNU Binutils’ VMS debugging parser can be coaxed into reading past its intended buffer, producing crashes and potential information disclosure that operators should treat as a real risk when processing untrusted object files or debug sections. This flaw — tracked...

A subtle, low-level memory bug in the GNU Binutils BFD library — an uninitialized field named the_bfd inside the asymbol structure when handled by bfd_mach_o_get_synthetic_symtab — can cause commonly used tools (objdump/readelf/strip/etc.) to crash when they process crafted Mach‑O objects...

CVE-2023-25585 exposes a subtle, but operationally meaningful, uninitialized-variable bug in GNU Binutils: the field file_table in struct module could be left uninitialized, allowing crafted inputs or sequences to trigger application crashes and local denial-of-service conditions on systems that...

Microsoft’s short advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a scoped, product‑level attestation, not a technical guarantee that no other Microsoft product can contain the same vulnerable GNU Binutils code...

The discovery of CVE-2022-47673 exposes a subtle but consequential memory-safety problem inside GNU Binutils’ addr2line utility: the function parse_module performs unchecked reads that can step outside buffer bounds in versions before 2.39.3, creating an out‑of‑bounds read that can crash...

Binutils’ objdump shipped a subtle but dangerous bug in its symbol-comparison routine that could be triggered by crafted object files to crash the tool and, in many real-world setups, take down services that rely on automated binary analysis. Background / Overview The vulnerability tracked as...

A newly cataloged weakness in GNU Binutils — tracked as CVE-2025-1152 — exposes a memory‑management bug in the linker’s xstrdup implementation that can leak allocated memory when processing crafted input, and while vendors rate its raw CVSS severity as low, the real operational risk centers on...

A creeping, low‑severity flaw in GNU Binutils — tracked as CVE‑2025‑1151 — has drawn attention because it exposes a persistent memory leak in the linker’s xmemdup implementation and because a public proof‑of‑concept is available; while the technical impact is limited, the operational risk to...

A new security advisory has placed GNU Binutils under the microscope: CVE-2025-11840 is an out-of-bounds read in the vfinfo function inside ldmisc.c that affects Binutils 2.45, can be triggered by a local actor, and — according to multiple trackers — already has a public proof of concept and an...