GNU Binutils 2.45 Heap-based BO in _bfd_elf_parse_eh_frame (Linker)
CVE-2025-11082 Published on September 27, 2025
GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2025-11082 has been classified to as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2025-11082
stack.watch emails you whenever new vulnerabilities are published in GNU Binutils or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
GNU Binutils Version 2.45 is affected by CVE-2025-11082Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.