Bug 2445773 (CVE-2025-69647) - CVE-2025-69647 binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data
Keywords:
Status: NEW
Alias: CVE-2025-69647
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2448140 2448141 2448145 2448146 2448147 2448142 2448143 2448144
Blocks:
Reported: 2026-03-09 15:01 UTC by OSIDB Bzimport
Modified: 2026-03-16 18:01 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-03-09 15:01:43 UTC
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
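
Until a fixed build is installed, pipelines that run readelf over untrusted files can bound both run time and output volume, since the failure described above is an unbounded output loop. The wrapper below is an added example, not part of this bug report or of binutils; the function name `scan_bounded`, its return codes, the output path and the 10 second / 1 MiB limits are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: bound an analysis run on untrusted input in time and output size.
# scan_bounded SECONDS MAX_BYTES OUTFILE CMD [ARGS...]
# Returns 0 = finished within limits, 3 = output cap hit, 4 = time limit hit,
# anything else = CMD's own exit status.
scan_bounded() {
    secs=$1 max=$2 out=$3
    shift 3
    st=$(mktemp) || return 1
    {
        rc=0
        # timeout(1) sends TERM after $secs, then KILL 2 s later if still alive.
        # stderr is discarded because warnings can repeat without bound too.
        timeout -k 2 "$secs" "$@" 2>/dev/null || rc=$?
        echo "$rc" > "$st"
    } | head -c "$((max + 1))" > "$out"   # head exits at the cap, closing the pipe
    rc=$(cat "$st")
    rm -f "$st"
    size=$(($(wc -c < "$out")))
    # One byte past the cap means the tool was still writing: treat as runaway.
    [ "$size" -le "$max" ] || return 3
    # 124 = timed out, 137 = had to be KILLed after ignoring TERM.
    if [ "$rc" -eq 124 ] || [ "$rc" -eq 137 ]; then return 4; fi
    return "$rc"
}

# Script use (assumed limits: 10 s, 1 MiB): ./bounded-readelf.sh FILE
if [ "$#" -eq 1 ]; then
    scan_bounded 10 1048576 ./readelf-loc.txt readelf --debug-dump=loc "$1"
    echo "scan_bounded status: $?"
fi
```

A status of 3 or 4 on a file that other tools parse quickly is worth logging as a possible trigger for this bug rather than retrying.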

