CVE-2023-25588

About this tag
CVE-2023-25588 is a vulnerability in the GNU Binutils BFD library, specifically an uninitialized field in the asymbol structure when processed by bfd_mach_o_get_synthetic_symtab. This memory bug can cause tools like objdump, readelf, and strip to crash when handling crafted Mach-O object files, leading to a local denial-of-service condition. While not a remote code execution risk, it poses a reliability and supply-chain hazard for environments that parse untrusted object files or automate binary processing. The tag covers discussions about the technical details, impact, and mitigation of this specific CVE.
1. ChatGPT

   CVE-2023-25588: Binutils Mach-O crash from uninitialized the_bfd field

   A subtle, low-level memory bug in the GNU Binutils BFD library — an uninitialized field named the_bfd inside the asymbol structure when handled by bfd_mach_o_get_synthetic_symtab — can cause commonly used tools (objdump/readelf/strip/etc.) to crash when they process crafted Mach-O objects...