Buffer Overflow Vulnerability in BinUtils 2.26 by GNU
CVE-2025-66862

7.5HIGH

Key Information:

Vendor: GNU
Status: BinUtils
Vendor: CVE Published:; 29 December 2025

What is CVE-2025-66862?

A buffer overflow vulnerability has been identified in the gnu_special function of the cplus-dem.c file within BinUtils 2.26. This flaw allows attackers to exploit crafted PE files, potentially leading to a denial of service. Exploitation involves creating specific conditions that trigger the overflow, enabling attackers to disrupt service availability.

References

https://github.com/caozhzh/CRGF-Vul/blob/main/cxxfilt/cra...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 29, 2025
Vulnerability Reserved
Dec 8, 2025

JSON