Vulnerability Description
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | <= 2.45.1 |
Related Weaknesses (CWE)
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=33640ExploitThird Party Advisory
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f348081Patch
FAQ
What is CVE-2025-69647?
CVE-2025-69647 is a vulnerability with a CVSS score of 6.2 (MEDIUM). GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readel...
How severe is CVE-2025-69647?
CVE-2025-69647 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-69647?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Binutils.