๐Ÿ” CVE Alert

CVE-2025-15504

LOW 3.3

lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference

CVSS Score: 3.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

CWE: CWE-476, CWE-404
Vendor: lief-project
Product: lief
Published: Jan 10, 2026
Last Updated: Feb 23, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Affected Versions

lief-project / LIEF
0.17.0, 0.17.1

References

vuldb.com: https://vuldb.com/?id.340375
vuldb.com: https://vuldb.com/?ctiid.340375
vuldb.com: https://vuldb.com/?submit.733329
github.com: https://github.com/lief-project/LIEF/issues/1277
github.com: https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001
github.com: https://github.com/oneafter/1210/blob/main/segv1
github.com: https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978
github.com: https://github.com/lief-project/LIEF/releases/tag/0.17.2
github.com: https://github.com/lief-project/LIEF/

Credits

๐Ÿ” Oneafter (VulDB User)