CVE-2025-69646 — MEDIUM (5.5)

Vulnerability Description

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnu	Binutils	2.44

Related Weaknesses (CWE)

CWE-400

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33638ExploitIssue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2beThird Party Advisory

FAQ

What is CVE-2025-69646?

CVE-2025-69646 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can ca...

How severe is CVE-2025-69646?

CVE-2025-69646 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-69646?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils.