CVE-2024-53589
Publication date 5 December 2024
Last updated 26 August 2025
Ubuntu priority
Description
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| binutils | ||
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
seth-arnold
binutils isn't safe for untrusted inputs.
mdeslaur
only affected 2.43, introduced in: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=8b5a212495
Patch details
| Package | Patch details |
|---|---|
| binutils |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.4 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |