CVE-2026-6846

Summary

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Hardened Images2.45.1-5.1.hum1 < *unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

binutils: Binutils: Arbitrary code execution via malformed XCOFF object file processing

Additional References

References