Security News

Cybersecurity news aggregator

๐Ÿ”“
LOW Vulnerabilities Microsoft Security Response Center

CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

cve-2025-69645binutils
  • What: Binutils objdump has a denial-of-service vulnerability (CVE-2025-69645)
  • Impact: Could cause process termination
Read Full Article →

We use optional cookies to improve your experience on our websites, such as through social media connections, and to display personalized advertising based on your online activity. If you reject optional cookies, only cookies necessary to provide you the services will be used. You may change your selection by clicking โ€œManage Cookiesโ€ at the bottom of the page. Privacy Statement Third-Party Cookies Accept Reject Manage cookies MSRC ๎ฌ Customer Guidance ๎ฌ Security Update Guide ๎ฌ Vulnerabilities ๎ฌ CVE-2025-69645 Loading... CVE-2025-69645 ๎œ• Subscribe RSS PowerShell ๎ฅƒ API ๎ฅƒ CSAF Assigning CNA Microsoft Metrics ๎ฅ† ๎ฅฎ Expand all ๎ฅฐ Collapse all Metric Value Please see Common Vulnerability Scoring System for more information on the definition of these metrics. Mitigations Workarounds FAQ Acknowledgements Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgements for more information. Security Updates To determine the support lifecycle for your software, see the Microsoft Support Lifecycle. Release date Descending ๎œ Edit columns ๎ข– Download ๎œœ Filters ๎œก Product Family ๎œ Max Severity ๎œ Impact ๎œ Platform ๎œ ๎ข” Clear Release date ๎นฉ Product Platform Impact Max Severity Article Download Build Number Assigning CNA Customer Action Required Loading... Disclaimer The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Revisions version revisionDate description ๎žน How satisfied are you with the MSRC Security Update Guide? Rating ๎žƒ Broken ๎ชˆ Bad ๎— Below average ๎ช‡ Average ๎ฎ Great! ๎ข” Your Privacy Choices Consumer Health Privacy

Related Articles

MEDIUM CVE-2026-6845 Binutils: binutils: denial of service via crafted elf file Microsoft Security Response Center LOW CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis. Microsoft Security Response Center LOW CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service. Microsoft Security Response Center LOW CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed. Microsoft Security Response Center
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn