2445263 – (CVE-2025-69644) CVE-2025-69644 binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information

Bug 2445263 (CVE-2025-69644) - CVE-2025-69644 binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information

Summary: CVE-2025-69644 binutils: Binutils: Denial of Service via crafted binary with ...

Keywords:
Status:	NEW
Alias:	CVE-2025-69644
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2445268 2445272 2445278 2445281 2445283 2445287 2445289 2445275
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-06 18:01 UTC by OSIDB Bzimport
Modified:	2026-03-06 18:45 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-06 18:01:34 UTC

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Note You need to log in before you can comment on or make changes to this bug.