CVE-2025-7545

Vulnerability

CVE-2025-7545

binutils: Binutils: Heap Buffer Overflow

ecosystem: redhat:7, redhat:8, redhat:9, redhat:10

A flaw was found in binutils. The `copy_section` function in `binutils/objcopy.c` is susceptible to a heap-based buffer overflow due to improper bounds checking during data copying. This flaw allows a local attacker to provide a specially crafted file. This manipulation can lead to a denial of service.

References

secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-7545
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2379785
secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-7545
secalert@redhat.com: https://sourceware.org/bugzilla/attachment.cgi?id=16117
secalert@redhat.com: https://sourceware.org/bugzilla/show_bug.cgi?id=33049
secalert@redhat.com: https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1
secalert@redhat.com: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944
secalert@redhat.com: https://vuldb.com/?ctiid.316243
secalert@redhat.com: https://vuldb.com/?id.316243
secalert@redhat.com: https://vuldb.com/?submit.614355
secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-7545
secalert@redhat.com: https://www.gnu.org/

severityM

Moderate

type: vendor

source: secalert@redhat.com

CVSS3.1

5.3MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AV	Local
AC	Low
PR	Low
UI	None
S	Not Changed
C	Low
I	Low
A	Low

source: secalert@redhat.com

　CWE

CWE-122

Heap-based Buffer Overflow

source: secalert@redhat.com

published: 2025-07-13 21:44:08

modified: 2025-07-14 14:29:07

Detection

OR

　unfixed

binutils

package type: source

type: version

　unfixed

gcc-toolset-15-binutils

package type: source

type: version

　unfixed

mingw-binutils

package type: source

type: version

tag: rhel-10:91622833-13ef-28ff-75cd-e5d15814049e

OR

　unfixed

binutils

package type: source

type: version

tag: rhel-7-extras-including-unpatched:6fc5268a-0a1e-f84e-4ed6-3d0bf615db6d

OR

　unfixed

binutils

package type: source

type: version

　unfixed

gcc-toolset-13-binutils

package type: source

type: version

　unfixed

gcc-toolset-14-binutils

package type: source

type: version

　unfixed

mingw-binutils

package type: source

type: version

tag: rhel-8-including-unpatched:17740862-8741-c39e-777b-a84e6fe704b7

OR

　unfixed

binutils

package type: source

type: version

　unfixed

gcc-toolset-13-binutils

package type: source

type: version

　unfixed

gcc-toolset-14-binutils

package type: source

type: version

　unfixed

gcc-toolset-15-binutils

package type: source

type: version

　unfixed

mingw-binutils

package type: source

type: version

tag: rhel-9-including-unpatched:0bcd869f-e397-584c-b8d9-c33d24a9bb5c

Data Sources

RedHat Enterprise Linux CSAF VEX
redhat-vex