PT-2026-23734 · Gnu · Gnu Binutils

Published: 2026-03-06 · Updated: 2026-03-11 · CVE-2025-69651

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

GNU Binutils versions through 2.46

Description

GNU Binutils versions through 2.46 contain an issue where processing a specially crafted ELF binary with incorrect relocation or symbol data can lead to an invalid pointer being freed. This occurs if the dump_relocations function exits prematurely due to parsing errors, leaving the all_relocations array partially uninitialized. Subsequently, the process_got_section_contents() function may attempt to free an invalid r_symbol pointer, triggering memory corruption checks within glibc and resulting in program termination via a SIGABRT signal. The impact is limited to a denial-of-service condition, with no evidence of further memory corruption or code execution.

Recommendations

Versions prior to 2.46 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
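
The bug class in the description (a parser returns early, and later cleanup frees every slot of a partly filled array) can be modelled in a few lines. This is an added example, not code from Binutils or from this advisory: struct reloc, parse_relocs, release_all and load_and_release are hypothetical names, only the field name r_symbol is borrowed from the description, and the sample inputs are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a relocation record; r_symbol is heap-owned. */
struct reloc { unsigned long r_offset; char *r_symbol; };

/* Constructed input: a NULL name models a record that fails to parse. */
const char *const SAMPLE_OK[]  = { "puts", "exit", "free" };
const char *const SAMPLE_BAD[] = { "puts", NULL, "free" };

/* Fill out[] from names[]; stop at the first bad record, like an early return
   on a parse error. Returns the number of entries actually initialized. */
size_t parse_relocs(const char *const *names, size_t n, struct reloc *out)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (names[i] == NULL)
            break;                        /* out[i..n-1] is left untouched */
        out[i].r_symbol = malloc(strlen(names[i]) + 1);
        if (out[i].r_symbol == NULL)
            break;
        strcpy(out[i].r_symbol, names[i]);
        out[i].r_offset = 8 * i;
    }
    return i;
}

/* Cleanup that walks all n entries. Only safe when every r_symbol is either
   a live allocation or NULL; on a malloc()'d, partly filled array it would
   pass indeterminate pointers to free(). */
void release_all(struct reloc *r, size_t n)
{
    for (size_t i = 0; i < n; i++)
        free(r[i].r_symbol);
    free(r);
}

/* Hardened load: calloc() zeroes the array so unparsed r_symbol fields are
   NULL (free(NULL) is a no-op). Returns entries parsed, or -1 on OOM. */
long load_and_release(const char *const *names, size_t n)
{
    struct reloc *r = calloc(n, sizeof *r);
    if (r == NULL)
        return -1;
    size_t parsed = parse_relocs(names, n, r);
    release_all(r, n);
    return (long)parsed;
}

int main(void) { return load_and_release(SAMPLE_BAD, 3) == 1 ? 0 : 1; }
```

Building a harness like this with -fsanitize=address and swapping calloc() for malloc() makes the invalid free visible in testing instead of as a glibc abort in the field.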

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-79574
AZL-79580
CVE-2025-69651
ECHO-30C0-A594-F90E
RHSA-2026:7098

Affected Products

Gnu Binutils