CVE-2025-69646
Received Received - Intake
Denial-of-Service in Binutils objdump via Malformed DWARF Data

Publication date: 2026-03-06

Last updated on: 2026-03-20

Assigner: MITRE

Description
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69646
EUVD
EUVD-2025-208344
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu binutils 2.44
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Binutils objdump tool when it processes a specially crafted binary containing malformed DWARF debug_rnglists data. Due to a logic error in handling the debug_rnglists header, objdump can enter an unbounded logging loop where it repeatedly prints the same warning message and fails to terminate properly.

This issue was observed in binutils version 2.44 and can be triggered by a local attacker supplying a malicious input file.

Impact Analysis

Exploitation of this vulnerability can cause excessive CPU and I/O usage on the affected system.

It results in a denial-of-service condition by preventing the objdump tool from completing its analysis, as the process gets stuck in an infinite logging loop until manually interrupted.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69646. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart