CVE-2025-69645
Public on 2026-03-06
Modified on 2026-06-08
Description
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | binutils | No Fix Planned | ||
| Amazon Linux 2023 | binutils | No Fix Planned | ||
| Amazon Linux 2 - Core | gcc10-binutils | No Fix Planned | ||
| Amazon Linux 2 - Core | gdb | No Fix Planned | ||
| Amazon Linux 2023 | gdb | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 2.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |