CVE-2025-15504

LOW EPSS 15.2%
Published Jan 10, 20265mo ago · Modified Jun 17, 20262w ago
1.9 CVSS 4.0
Low
Find Similar
Published Jan 10, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago

Description

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

CVSS Details

Base Score
1.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
15.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-404
CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 1

VendorProductVersionRange
lief-projectlief* <0.17.2

References 9

  • github.com https://github.com/lief-project/LIEF/
  • github.com https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978
    Patch
  • github.com https://github.com/lief-project/LIEF/issues/1277
    ExploitIssue TrackingPatch
  • github.com https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001
    ExploitIssue TrackingPatch
  • github.com https://github.com/lief-project/LIEF/releases/tag/0.17.2
    Release Notes
  • github.com https://github.com/oneafter/1210/blob/main/segv1
    Product
  • vuldb.com https://vuldb.com/?ctiid.340375
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.340375
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.733329
    ExploitThird Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978
    Patch
  • github.com https://github.com/lief-project/LIEF/issues/1277
    ExploitIssue TrackingPatch
  • github.com https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001
    ExploitIssue TrackingPatch