CVE-2025-7546

Vulnerability

CVE-2025-7546

binutils: Binutils: Out-of-bounds Write Vulnerability

ecosystem: redhat:7, redhat:8, redhat:9, redhat:10

A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.

References

secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-7546
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2379793
secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-7546
secalert@redhat.com: https://sourceware.org/bugzilla/attachment.cgi?id=16118
secalert@redhat.com: https://sourceware.org/bugzilla/show_bug.cgi?id=33050
secalert@redhat.com: https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2
secalert@redhat.com: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b
secalert@redhat.com: https://vuldb.com/?ctiid.316244
secalert@redhat.com: https://vuldb.com/?id.316244
secalert@redhat.com: https://vuldb.com/?submit.614375
secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-7546
secalert@redhat.com: https://www.gnu.org/

severityM

Moderate

type: vendor

source: secalert@redhat.com

CVSS3.1

5.3MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AV	Local
AC	Low
PR	Low
UI	None
S	Not Changed
C	Low
I	Low
A	Low

source: secalert@redhat.com

　CWE

CWE-787

Out-of-bounds Write

source: secalert@redhat.com

published: 2025-07-13 22:02:07

modified: 2025-07-14 14:30:55

Detection

OR

　unfixed

binutils

package type: source

type: version

　unfixed

gcc-toolset-15-binutils

package type: source

type: version

　unfixed

mingw-binutils

package type: source

type: version

tag: rhel-10:91622833-13ef-28ff-75cd-e5d15814049e

OR

　unfixed

binutils

package type: source

type: version

tag: rhel-7-extras-including-unpatched:6fc5268a-0a1e-f84e-4ed6-3d0bf615db6d

OR

　unfixed

binutils

package type: source

type: version

　unfixed

gcc-toolset-13-binutils

package type: source

type: version

　unfixed

gcc-toolset-14-binutils

package type: source

type: version

　unfixed

mingw-binutils

package type: source

type: version

tag: rhel-8-including-unpatched:17740862-8741-c39e-777b-a84e6fe704b7

OR

　unfixed

binutils

package type: source

type: version

　unfixed

gcc-toolset-13-binutils

package type: source

type: version

　unfixed

gcc-toolset-14-binutils

package type: source

type: version

　unfixed

gcc-toolset-15-binutils

package type: source

type: version

　unfixed

mingw-binutils

package type: source

type: version

tag: rhel-9-including-unpatched:0bcd869f-e397-584c-b8d9-c33d24a9bb5c

Data Sources

RedHat Enterprise Linux CSAF VEX
redhat-vex