CVE Alert

CVE-2025-11494

LOW 3.3

GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds

CVSS Score: 3.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability was found in GNU Binutils 2.45. It affects the function _bfd_x86_elf_late_size_sections in the file bfd/elfxx-x86.c of the Linker component. Manipulation of the input results in an out-of-bounds read. The attack requires local access. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. Applying the patch remediates this issue.

CWE: CWE-125, CWE-119
Vendor: gnu
Product: binutils
Published: Oct 8, 2025
Last Updated: Feb 24, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Affected Versions

GNU / Binutils
2.45

References

vuldb.com: https://vuldb.com/?id.327619
vuldb.com: https://vuldb.com/?ctiid.327619
vuldb.com: https://vuldb.com/?submit.668281
sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=33499
sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2
sourceware.org: https://sourceware.org/bugzilla/attachment.cgi?id=16389
sourceware.org: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a
gnu.org: https://www.gnu.org/

Credits

Yifan Zhang (VulDB User)