CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offsetsize value being used inside bytegetlittleendian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

References

Affected packages

Git / sourceware.org/git/binutils-gdb.git

Affected ranges

Type

GIT

Repo

https://sourceware.org/git/binutils-gdb.git

Events

Introduced

Last affected

815d9a14cbbb3b81843f7566222c87fb22e7255d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.44"
        }
    ]
}

Affected versions

Other

binutils-2_41-release

binutils-2_44

gdb-10-branchpoint

gdb-11-branchpoint

gdb-12-branchpoint

gdb-13-branchpoint

gdb-14-branchpoint

gdb-15-branchpoint

gdb-16-branchpoint

gdb-4_18-branchpoint

gdb-9-branchpoint

gdb_5_2-branchpoint

gdb_5_3-branchpoint

gdb_6_0-branchpoint

gdb_6_1-branchpoint

gdb_6_2-branchpoint

gdb_6_3-branchpoint

gdb_6_4-branchpoint

gdb_6_5-branchpoint

gdb_6_6-branchpoint

gdb_6_7-branchpoint

gdb_6_8-branchpoint

gdb_7_0-branchpoint

gdb_7_1-branchpoint

gdb_7_2-branchpoint

gdb_7_3-branchpoint

gdb_7_4-branchpoint

gdb_7_5-branchpoint

gdb_7_6-branchpoint

users/ARM/embedded-binutils-master-2016q4

users/ARM/embedded-binutils-master-2017q4

users/ARM/embedded-binutils-master-2018q4

users/ARM/embedded-gdb-master-2017q4

users/ARM/embedded-gdb-master-2018q4

gdb-7.*

gdb-7.10-branchpoint

gdb-7.11-branchpoint

gdb-7.12-branchpoint

gdb-7.7-branchpoint

gdb-7.8-branchpoint

gdb-7.9-branchpoint

gdb-8.*

gdb-8.0-branchpoint

gdb-8.1-branchpoint

gdb-8.2-branchpoint

gdb-8.3-branchpoint

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69645.json"