CVE Catalog

CVE-2026-3442

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

A heap-based buffer overflow (out-of-bounds read) vulnerability was found in the bfd linker component of GNU Binutils. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file.

Risk Assessment

Successful exploitation may lead to disclosure of sensitive information or cause the application to crash, resulting in an application-level denial of service.

Recommendation

It is recommended to immediately update GNU Binutils to the latest patched version. Also, avoid processing XCOFF files from untrusted sources.

Original NVD description (English source)

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS