CVE-2025-15504

Опубликовано: 10 янв. 2026

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

CVSS2: 1.7

EPSS Низкий

Описание

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

Ссылки

https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978
Patch
https://github.com/lief-project/LIEF/issues/1277
Exploit
Patch
Issue Tracking
https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001
Exploit
Patch
Issue Tracking
https://github.com/lief-project/LIEF/releases/tag/0.17.2
Release Notes
https://github.com/oneafter/1210/blob/main/segv1
Product
https://vuldb.com/?ctiid.340375
Permissions Required
VDB Entry
https://vuldb.com/?id.340375
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.733329
Third Party Advisory
VDB Entry
Exploit
https://github.com/lief-project/LIEF/issues/1277
Exploit
Patch
Issue Tracking
https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001
Exploit
Patch
Issue Tracking
https://vuldb.com/?submit.733329
Third Party Advisory
VDB Entry
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lief-project:lief:*:*:*:*:*:*:*:*

Версия до 0.17.2 (исключая)

EPSS

Процентиль: 2%

0.00013

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-404

CWE-476

Связанные уязвимости

GHSA-mjjp-xjfg-97wg

CVSS3: 3.3

github

28 дней назад

LIEF is vulnerable to segmentation fault

EPSS

Процентиль: 2%

0.00013

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-404

CWE-476