GHSA-mjjp-xjfg-97wg

Source

https://github.com/advisories/GHSA-mjjp-xjfg-97wg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-mjjp-xjfg-97wg/GHSA-mjjp-xjfg-97wg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mjjp-xjfg-97wg

Aliases

CVE-2025-15504

Published

2026-01-10T12:30:16Z

Modified

2026-02-23T22:48:05.165053Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

LIEF is vulnerable to segmentation fault

Details

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-13T18:31:53Z",
    "severity": "LOW",
    "nvd_published_at": "2026-01-10T12:15:49Z",
    "cwe_ids": [
        "CWE-404",
        "CWE-476"
    ]
}

References

Affected packages

PyPI / lief

Package

Name: lief; View open source insights on deps.dev
Purl: pkg:pypi/lief

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.17.2

Affected versions

0.*

0.8.0

0.8.1

0.8.2

0.8.3

0.9.0

0.10.0

0.10.1

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.12.0

0.12.1

0.12.2

0.12.3

0.13.0

0.13.1

0.13.2

0.14.0

0.14.1

0.15.0

0.15.1

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.16.5

0.16.6

0.16.7

0.17.0

0.17.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-mjjp-xjfg-97wg/GHSA-mjjp-xjfg-97wg.json"

crates.io / lief

Package

Name: lief; View open source insights on deps.dev
Purl: pkg:cargo/lief

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.17.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-mjjp-xjfg-97wg/GHSA-mjjp-xjfg-97wg.json"