CVE Catalog

CVE-2026-3441

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A heap-based buffer overflow vulnerability (out-of-bounds read) was found in the bfd linker of GNU Binutils. An attacker can exploit a specially crafted XCOFF object file to access sensitive information or cause an application-level denial of service.

Risk Assessment

The risk involves potential disclosure of confidential data or application disruption if a user processes a malicious XCOFF file. The attack requires user interaction but can lead to serious security consequences.

Recommendation

Immediately update GNU Binutils to the latest patched version. Avoid processing XCOFF files from untrusted sources.

Original NVD description (English source)

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS