2450302 – (CVE-2026-4647) CVE-2026-4647 binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library

Bug 2450302 (CVE-2026-4647) - CVE-2026-4647 binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library

Summary: CVE-2026-4647 binutils: Out-of-Bounds Read in XCOFF Relocation Processing in ...

Keywords:
Status:	NEW
Alias:	CVE-2026-4647
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2450314 2450315 2450316 2450320 2450321 2450317 2450318 2450319
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-23 12:56 UTC by OSIDB Bzimport
Modified:	2026-03-24 09:29 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-23 12:56:52 UTC

An out-of-bounds read vulnerability in the BFD library of GNU Binutils affects the functions xcoff_ppc_relocate_section() and xcoff64_ppc_relocate_section() in coff-rs6000.c and coff64-rs6000.c. The flaw is caused by improper validation of the relocation type field (r_type), which is read from input files and used as an array index without adequate bounds checking. This issue affects all versions of GNU Binutils prior to 2.47. When a specially crafted XCOFF object file is processed, this can lead to out-of-bounds memory access, potentially causing a crash, information disclosure, or unintended control flow behavior.

Comment 2 krisebay 2026-03-24 09:29:02 UTC

The functions xcoff_ppc_relocate_section() and xcoff64_ppc_relocate_section() in coff-rs6000.c and coff64-rs6000.c are impacted by an out-of-bounds read vulnerability in the BFD library of GNU Binutils.  https://snowrider-2.io

Note You need to log in before you can comment on or make changes to this bug.