CVE-2025-7545
BaseFortify
Publication date: 2025-07-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.45 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow found in the GNU Binutils 2.45, specifically in the copy_section function of the file binutils/objcopy.c. It requires local access to exploit and involves manipulating the function to overflow a buffer on the heap, which can lead to unexpected behavior or crashes. A patch has been released to fix this issue.
How can this vulnerability impact me? :
If exploited locally, this vulnerability can cause a heap-based buffer overflow, potentially leading to program crashes, data corruption, or execution of arbitrary code with the privileges of the affected process. This can compromise system stability and security.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 to fix the vulnerability in GNU Binutils 2.45. Since the vulnerability requires local access to exploit, ensure that only trusted users have local access until the patch is applied.