CVE-2025-69651

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

06/03/2026

Last modified:

09/03/2026

Description

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.

Impact

References to Advisories, Solutions, and Tools

https://sourceware.org/bugzilla/show_bug.cgi?id=33700
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh%3Dea4bc025abdba85a90e26e13f551c16a44bfa921