
CVE-2025-5245 – GNU Binutils objdump debug.c debug_type_samep memory corruption
https://notcve.org/view.php?id=CVE-2025-5245
27 May 2025 — A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://sourceware.org/bugzilla/attachment.cgi?id=16004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-5244 – GNU Binutils ld elflink.c elf_gc_sweep memory corruption
https://notcve.org/view.php?id=CVE-2025-5244
27 May 2025 — A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. • https://sourceware.org/bugzilla/attachment.cgi?id=16010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2025-0840 – GNU Binutils objdump.c disassemble_bytes stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0840
29 Jan 2025 — A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://sourceware.org/bugzilla/attachment.cgi?id=15882 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVE-2022-47695 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-47695
22 Aug 2023 — An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks wh... • https://sourceware.org/bugzilla/show_bug.cgi?id=29846 • CWE-400: Uncontrolled Resource Consumption •

CVE-2022-45703 – SUSE Security Advisory - SUSE-SU-2023:3825-1
https://notcve.org/view.php?id=CVE-2022-45703
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. This update for binutils fixes the following issues. • https://security.netapp.com/advisory/ntap-20231006-0003 • CWE-787: Out-of-bounds Write •

CVE-2022-47673 – SUSE Security Advisory - SUSE-SU-2023:3825-1
https://notcve.org/view.php?id=CVE-2022-47673
22 Aug 2023 — An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. This update for binutils fixes the following issues. • https://sourceware.org/bugzilla/show_bug.cgi?id=29876 • CWE-125: Out-of-bounds Read •

CVE-2022-44840 – Ubuntu Security Notice USN-6381-1
https://notcve.org/view.php?id=CVE-2022-44840
22 Aug 2023 — Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. It was discovered that GNU binutils incorrectly handled memory management operations in several of its functions, which could ... • https://sourceware.org/bugzilla/show_bug.cgi?id=29732 • CWE-787: Out-of-bounds Write •

CVE-2022-48064 – SUSE Security Advisory - SUSE-SU-2023:3825-1
https://notcve.org/view.php?id=CVE-2022-48064
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. This update for binutils fixes the following issues. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2020-21490
https://notcve.org/view.php?id=CVE-2020-21490
22 Aug 2023 — An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. • https://security.netapp.com/advisory/ntap-20230929-0007 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2022-48065 – Ubuntu Security Notice USN-6655-1
https://notcve.org/view.php?id=CVE-2022-48065
22 Aug 2023 — GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. It was discovered that GNU binutils was not properly handling the logic behind certain memory management related operations, which could lead to an invalid memory access. An attacker could possibly use this issue to cause a denial of service. It was discovered that GNU binutils was not properly performing bounds checks when dealing with memory allocation operations, which could... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG • CWE-401: Missing Release of Memory after Effective Lifetime •