EUVD-2026-12196
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
4Description
A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.
Analysis
Heap-based buffer overflow (out-of-bounds read) in GNU Binutils' BFD linker component that affects RHEL 6, 7, 8, and 10, as well as multiple Debian and Ubuntu releases. An attacker can exploit this vulnerability by distributing a malicious XCOFF object file, which when processed by a user, may disclose sensitive information from process memory or crash the application. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| trusty | needs-triage | - |
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | needs-triage | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 2.35.2-2 | - |
| bookworm | vulnerable | 2.40-2 | - |
| trixie | vulnerable | 2.44-3 | - |
| forky, sid | vulnerable | 2.46-3 | - |
| (unstable) | fixed | (unfixed) | unimportant |
Share
External POC / Exploit Code
Leaving vuln.today