CVE-2025-8224
GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.
| CWE | CWE-476 CWE-404 |
| Vendor | gnu |
| Product | binutils |
| Published | Jul 27, 2025 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for gnu binutils
Be the first to know when new low vulnerabilities affecting gnu binutils are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
GNU / Binutils
2.44
References
vuldb.com: https://vuldb.com/?id.317812 vuldb.com: https://vuldb.com/?ctiid.317812 vuldb.com: https://vuldb.com/?submit.621878 sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=32109 sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2 sourceware.org: https://sourceware.org/bugzilla/attachment.cgi?id=15680 sourceware.org: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530 gnu.org: https://www.gnu.org/ cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-265688.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Credits
๐ arthurx (VulDB User)