CVE-2025-1153: GNU Binutils format.c bfd_set_format memory corruption
First published: Mon Feb 10 2025(Updated: )
A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affected component.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu/binutils | >=2.43<=2.44 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1153?
CVE-2025-1153 is classified as problematic and involves memory corruption.
How do I fix CVE-2025-1153?
To fix CVE-2025-1153, update GNU Binutils to a version later than 2.44.
What versions of GNU Binutils are affected by CVE-2025-1153?
GNU Binutils versions 2.43 and 2.44 are affected by CVE-2025-1153.
Can CVE-2025-1153 be exploited remotely?
Yes, CVE-2025-1153 can be exploited remotely, allowing for potential attacks.
What is the attack complexity of CVE-2025-1153?
The complexity of an attack exploiting CVE-2025-1153 is considered rather high.
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gnu
- canonical/gnu binutils