CVE-2025-15504
Unknown Unknown - Not Provided

Null Pointer Dereference in LIEF ELF Binary Parser (Local Exploit

Vulnerability report for CVE-2025-15504, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-10

Last updated on: 2026-04-29

Assigner: VulDB

Description

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-10
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-01-10
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
lief-project lief to 0.17.1 (inc)
lief-project lief 0.17.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-15504 is a vulnerability in the LIEF project affecting the ELF Binary Parser component, specifically in the function Parser::parse_binary. The issue is a null pointer dereference caused when the parser attempts to access the GNU Hash structure without verifying if it is initialized. This leads to a segmentation fault or crash when parsing malformed ELF binaries. The vulnerability requires local access to exploit and can cause the application to terminate unexpectedly. A patch adding a null check before accessing the GNU Hash object fixes this issue. [1, 2, 4, 6]

Impact Analysis

This vulnerability can impact you by causing the affected software (LIEF's ELF parser) to crash or terminate unexpectedly when processing malformed ELF binaries. This results in a denial of service, affecting the availability of the software. Since the exploit requires local access, an attacker with local privileges could trigger this crash to disrupt services or applications relying on LIEF for ELF parsing. [1, 2, 4]

Detection Guidance

This vulnerability can be detected by attempting to parse malformed ELF binaries using the LIEF library's ELF parser, specifically the `elf_reader` example. Running the `elf_reader` tool on a crafted malformed ELF file (such as the provided repro case) can trigger a segmentation fault (SIGSEGV) due to the null pointer dereference. For example, executing `./elf_reader repro` where `repro` is a malformed ELF binary can reproduce the crash. Additionally, compiling LIEF with AddressSanitizer enabled (`-fsanitize=address`) can help detect the null pointer dereference during testing. Monitoring for segmentation faults or crashes in applications using LIEF's ELF parser when processing ELF files can also indicate exploitation attempts. [2, 4]

Mitigation Strategies

The immediate mitigation step is to upgrade the LIEF library to version 0.17.2, which contains the patch that fixes the null pointer dereference issue in the ELF parser. The patch adds a null check before accessing the GNU Hash structure, preventing crashes. If upgrading is not immediately possible, avoid processing untrusted or malformed ELF binaries with the affected versions of LIEF. Applying the patch identified by commit ID 81bd5d7ea0c390563f1c4c017c9019d154802978 is also recommended to resolve the issue. [1, 5, 6]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15504. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart