Binutils

This hub aggregates every CVE we track for Binutils, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Binutils.

• CVE-2026-6846Binutils: binutils: arbitrary code execution via malformed xcoff object file processing7.8Apr 22, 2026
• CVE-2026-6844Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files5.5Apr 22, 2026
• CVE-2026-6845Binutils: binutils: denial of service via crafted elf file5.0Apr 22, 2026
• CVE-2026-4647Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library6.1Mar 23, 2026
• CVE-2026-3441Binutils: gnu binutils: information disclosure via specially crafted xcoff object file6.1Mar 15, 2026
• CVE-2026-3442Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker6.1Mar 15, 2026
• CVE-2025-69648GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes...6.2Mar 9, 2026
• CVE-2025-69647GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause rea...6.2Mar 9, 2026
• CVE-2025-69650GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return ...7.5Mar 6, 2026
• CVE-2025-69649GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null ...7.5Mar 6, 2026
• CVE-2025-69652GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete sta...6.2Mar 6, 2026
• CVE-2025-66865An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.7.5Dec 29, 2025
• CVE-2025-66863An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.7.5Dec 29, 2025
• CVE-2025-66866An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.7.5Dec 29, 2025
• CVE-2025-66861An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.2.5Dec 29, 2025