CVE-2025-15504
Null Pointer Dereference in LIEF ELF Binary Parser (Local Exploit

Publication date: 2026-01-10

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.
Meta Information
Published: 2026-01-10
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-01-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
lief-project | lief | to 0.17.1 (inc)
lief-project | lief | 0.17.2
CWE ID | Description
CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-15504 is a vulnerability in the LIEF project affecting the ELF Binary Parser component, specifically in the function Parser::parse_binary. The issue is a null pointer dereference caused when the parser attempts to access the GNU Hash structure without verifying if it is initialized. This leads to a segmentation fault or crash when parsing malformed ELF binaries. The vulnerability requires local access to exploit and can cause the application to terminate unexpectedly. A patch adding a null check before accessing the GNU Hash object fixes this issue. [1, 2, 4, 6]


How can this vulnerability impact me?

This vulnerability can impact you by causing the affected software (LIEF's ELF parser) to crash or terminate unexpectedly when processing malformed ELF binaries. This results in a denial of service, affecting the availability of the software. Since the exploit requires local access, an attacker with local privileges could trigger this crash to disrupt services or applications relying on LIEF for ELF parsing. [1, 2, 4]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to parse malformed ELF binaries using the LIEF library's ELF parser, specifically the `elf_reader` example. Running the `elf_reader` tool on a crafted malformed ELF file (such as the provided repro case) can trigger a segmentation fault (SIGSEGV) due to the null pointer dereference. For example, executing `./elf_reader repro` where `repro` is a malformed ELF binary can reproduce the crash. Additionally, compiling LIEF with AddressSanitizer enabled (`-fsanitize=address`) can help detect the null pointer dereference during testing. Monitoring for segmentation faults or crashes in applications using LIEF's ELF parser when processing ELF files can also indicate exploitation attempts. [2, 4]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the LIEF library to version 0.17.2, which contains the patch that fixes the null pointer dereference issue in the ELF parser. The patch adds a null check before accessing the GNU Hash structure, preventing crashes. If upgrading is not immediately possible, avoid processing untrusted or malformed ELF binaries with the affected versions of LIEF. Applying the patch identified by commit ID 81bd5d7ea0c390563f1c4c017c9019d154802978 is also recommended to resolve the issue. [1, 5, 6]
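
The upgrade check and the crash monitoring described in the answers above can be combined in one short script. This is an added example, not code from LIEF or from the advisory; it assumes the Python bindings are installed as the `lief` distribution with `lief.parse` as the entry point, and the helper names are hypothetical.

```python
import re
import signal
import subprocess
import sys
from importlib import metadata

FIXED = (0, 17, 2)  # first fixed release named in the advisory

def is_fixed(version: str) -> bool:
    """True if a LIEF version string is at or above 0.17.2."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(map(int, m.groups())) >= FIXED

def installed_lief_version():
    """Version of the installed 'lief' distribution (assumed name), or None."""
    try:
        return metadata.version("lief")
    except metadata.PackageNotFoundError:
        return None

def classify(cmd, timeout=30):
    """Run a parser command in a child process and classify how it ended."""
    try:
        proc = subprocess.run(cmd, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode == 0:
        return "ok"
    if proc.returncode < 0:  # POSIX: the child was terminated by a signal
        return "crash:" + signal.Signals(-proc.returncode).name
    return f"error:{proc.returncode}"

def parse_isolated(path, timeout=30):
    """Parse one ELF file with LIEF in a throwaway interpreter, so a
    SIGSEGV in the parser is recorded instead of killing the caller."""
    child = "import sys, lief; sys.exit(0 if lief.parse(sys.argv[1]) else 2)"
    return classify([sys.executable, "-c", child, path], timeout)

if __name__ == "__main__":
    v = installed_lief_version()
    print("lief:", v, "fixed" if v and is_fixed(v) else "affected or absent")
    for p in sys.argv[1:]:
        print(p, parse_isolated(p))
```

A `crash:SIGSEGV` result on an affected version is the signal to quarantine the input file and prioritise the upgrade to 0.17.2.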

