{"id":"USN-7369-1","summary":"elfutils vulnerabilities","details":"It was discovered that readelf from elfutils could be made to read out of\nbounds. If a user or automated system were tricked into running readelf\non a specially crafted file, an attacker could cause readelf to crash,\nresulting in a denial of service. This issue only affected Ubuntu 24.04\nLTS. (CVE-2024-25260)\n\nIt was discovered that readelf from elfutils could be made to write out of\nbounds. If a user or automated system were tricked into running readelf\non a specially crafted file, an attacker could cause readelf to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365)\n\nIt was discovered that readelf from elfutils could be made to dereference\ninvalid memory. If a user or automated system were tricked into running\nreadelf on a specially crafted file, an attacker could cause readelf to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n24.04 LTS and Ubuntu 24.10. (CVE-2025-1371)\n\nIt was discovered that readelf from elfutils could be made to dereference\ninvalid memory. If a user or automated system were tricked into running\nreadelf on a specially crafted file, an attacker could cause readelf to\ncrash, resulting in a denial of service. (CVE-2025-1372)\n\nIt was discovered that strip from elfutils could be made to dereference\ninvalid memory. If a user or automated system were tricked into running\nstrip on a specially crafted file, an attacker could cause strip to\ncrash, resulting in a denial of service. (CVE-2025-1377)\n","modified":"2026-02-10T04:47:19Z","published":"2025-03-24T19:24:01Z","related":["UBUNTU-CVE-2024-25260","UBUNTU-CVE-2025-1365","UBUNTU-CVE-2025-1371","UBUNTU-CVE-2025-1372","UBUNTU-CVE-2025-1377"],"upstream":["CVE-2024-25260","CVE-2025-1365","CVE-2025-1371","CVE-2025-1372","CVE-2025-1377","UBUNTU-CVE-2024-25260","UBUNTU-CVE-2025-1365","UBUNTU-CVE-2025-1371","UBUNTU-CVE-2025-1372","UBUNTU-CVE-2025-1377"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7369-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-25260"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-1365"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-1371"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-1372"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-1377"}],"affected":[{"package":{"name":"elfutils","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/elfutils@0.186-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.186-1ubuntu0.1"}]}],"versions":["0.185-1build1","0.185-2","0.186-1","0.186-1build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.186-1ubuntu0.1","binary_name":"debuginfod"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"elfutils"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libasm-dev"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libasm1"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libdebuginfod-common"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libdebuginfod-dev"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libdebuginfod1"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libdw-dev"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libdw1"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libelf-dev"},{"binary_version":"0.186-1ubuntu0.1","binary_name":"libelf1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7369-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-1372"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-1377"}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"elfutils","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/elfutils@0.190-1.1ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.190-1.1ubuntu0.1"}]}],"versions":["0.189-4","0.190-1","0.190-1.1build2","0.190-1.1build3","0.190-1.1build4","0.190-1.1build4.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"debuginfod"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"elfutils"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libasm-dev"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libasm1t64"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libdebuginfod-common"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libdebuginfod-dev"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libdebuginfod1t64"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libdw-dev"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libdw1t64"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libelf-dev"},{"binary_version":"0.190-1.1ubuntu0.1","binary_name":"libelf1t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7369-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2024-25260"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-1365"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-1371"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-1372"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-1377"}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.3"}