CVE-2025-69649

Published: 3/6/2026 Last updated: 3/10/2026 Reserved: 1/9/2026

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	5.5	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 10.0.25398.1611

References (4)

https://sourceware.org/bugzilla/show_bug.cgi?id=33697
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66
https://sourceware.org/bugzilla/show_bug.cgi?id=33697
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66