LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2014-0172
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0172

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2014-9447
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9447

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2016-10254
CVE STATUS: Patched
CVE SUMMARY: The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10254

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2016-10255
CVE STATUS: Patched
CVE SUMMARY: The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10255

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7607
CVE STATUS: Patched
CVE SUMMARY: The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7607

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7608
CVE STATUS: Patched
CVE SUMMARY: The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7608

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7609
CVE STATUS: Patched
CVE SUMMARY: elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7609

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7610
CVE STATUS: Patched
CVE SUMMARY: The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7610

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7611
CVE STATUS: Patched
CVE SUMMARY: The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7611

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7612
CVE STATUS: Patched
CVE SUMMARY: The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7612

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2017-7613
CVE STATUS: Patched
CVE SUMMARY: elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7613

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-16062
CVE STATUS: Patched
CVE SUMMARY: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16062

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-16402
CVE STATUS: Patched
CVE SUMMARY: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16402

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-16403
CVE STATUS: Patched
CVE SUMMARY: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16403

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-18310
CVE STATUS: Patched
CVE SUMMARY: An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18310

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-18520
CVE STATUS: Patched
CVE SUMMARY: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18520

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-18521
CVE STATUS: Patched
CVE SUMMARY: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18521

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2018-8769
CVE STATUS: Patched
CVE SUMMARY: elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8769

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7146
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7146

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7148
CVE STATUS: Patched
CVE SUMMARY: An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7148

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7149
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7149

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7150
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7150

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7664
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7664

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2019-7665
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7665

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2020-21047
CVE STATUS: Patched
CVE SUMMARY: The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21047

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2021-33294
CVE STATUS: Patched
CVE SUMMARY: In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33294

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2024-25260
CVE STATUS: Patched
CVE SUMMARY: elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 4.0
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-25260

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2025-1352
CVE STATUS: Patched
CVE SUMMARY: A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 5.0
CVSS v4 BASE SCORE: 2.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1352

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2025-1365
CVE STATUS: Patched
CVE SUMMARY: A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.3
CVSS v4 BASE SCORE: 4.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1365

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2025-1371
CVE STATUS: Patched
CVE SUMMARY: A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.
CVSS v2 BASE SCORE: 1.7
CVSS v3 BASE SCORE: 3.3
CVSS v4 BASE SCORE: 4.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1371

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2025-1372
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.3
CVSS v4 BASE SCORE: 4.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:S/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1372

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2025-1376
CVE STATUS: Patched
CVE SUMMARY: A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.
CVSS v2 BASE SCORE: 1.0
CVSS v3 BASE SCORE: 2.5
CVSS v4 BASE SCORE: 2.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:H/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1376

LAYER: meta
PACKAGE NAME: elfutils
PACKAGE VERSION: 0.191
CVE: CVE-2025-1377
CVE STATUS: Patched
CVE SUMMARY: A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.
CVSS v2 BASE SCORE: 1.7
CVSS v3 BASE SCORE: 3.3
CVSS v4 BASE SCORE: 4.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:S/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2025-1377