Double Free Vulnerability in GNU Binutils Affecting ELF Binary Processing
CVE-2025-69650

7.5HIGH

Key Information:

Vendor: GNU
Status: Binutils
Vendor: CVE Published:; 6 March 2026

What is CVE-2025-69650?

The GNU Binutils software suite exhibits a double free vulnerability when processing manually crafted ELF binaries with improperly formatted relocation data. Specifically, during the handling of Global Offset Table (GOT) relocations, the dump_relocations function may terminate prematurely without initializing the all_relocations array. This oversight allows the function process_got_section_contents() to erroneously pass an uninitialized r_symbol pointer to the free() function. Consequently, this may result in a double free condition, which can lead to application instability and a potential denial of service. However, there is no evidence indicating that this vulnerability could be exploited for memory corruption or arbitrary code execution.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=33698

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;...

https://sourceware.org/bugzilla/show_bug.cgi?id=33700

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-69650 Data

JSON