CVE-2025-1372

Name of the Vulnerable Software and Affected Versions: GNU elfutils version 0.192

Description: A critical vulnerability was found in GNU elfutils. The issue affects the function dump data section/print string section of the file readelf.c in the eu-readelf component. The manipulation of the argument z/x leads to a buffer overflow. An attack must be approached locally. The exploit has been disclosed to the public and may be used.

Recommendations: To fix this issue, it is recommended to apply a patch. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. As a temporary workaround, consider disabling the dump data section/print string section function until a patch is available. Restrict access to the vulnerable component eu-readelf to minimize the risk of exploitation. Avoid using the argument z/x in the affected function until the issue is resolved.