Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Package Manager Icon
Package Manager
Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-69645

Published: March 11, 2026Last modified: March 28, 2026

Description

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

Severity score breakdown

ParameterValue
Base score5.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSbinutilsUnknown (2.39-r2)
25 LTSbinutilsFixed (2.45.1-r1)
StreambinutilsFixed (2.45.1-r3)
Hardened Containers23 LTSbinutilsUnknown (2.39-r2)
25 LTSbinutilsFixed (2.45.1-r1)
StreambinutilsFixed (2.45.1-r3)

References

ON THIS PAGE