CVE-2025-15504

3.3 LOW

📋 TL;DR

A null pointer dereference vulnerability exists in LIEF's ELF binary parser that can cause denial of service when processing malicious ELF files. This affects LIEF versions up to 0.17.1. The vulnerability requires local access to trigger and could crash applications using the vulnerable library.

💻 Affected Systems

Products:
  • lief-project LIEF
Versions: up to and including 0.17.1
Operating Systems: All platforms running LIEF
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using LIEF's ELF parsing functionality is vulnerable when processing untrusted ELF files

⚠️ Risk & Real-World Impact

🔴 Worst Case: Application crash leading to denial of service for any service or tool using LIEF to parse ELF files

🟠 Likely Case: Local denial of service through crafted ELF files causing parser crashes

🟢 If Mitigated: Minimal impact if proper input validation and sandboxing are implemented

🌐 Internet-Facing: LOW - requires local access to trigger
🏢 Internal Only: MEDIUM - internal users could crash services using LIEF

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on GitHub; triggering it requires local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.17.2

Vendor Advisory: https://github.com/lief-project/LIEF/releases/tag/0.17.2

Restart Required: Yes

Instructions:

1. Check current LIEF version
2. Upgrade to version 0.17.2 or later using package manager
3. Restart any services using LIEF
4. Recompile any applications statically linked to LIEF

🔧 Temporary Workarounds

Input validation (all platforms): Implement strict input validation for ELF files before passing them to the LIEF parser

Sandbox parsing (all platforms): Run LIEF parsing operations in isolated containers or sandboxes

🧯 If You Can't Patch

  • Restrict local access to systems running vulnerable LIEF versions
  • Implement monitoring for abnormal process crashes related to ELF parsing

🔍 How to Verify

Check if Vulnerable:

Check LIEF version with 'python -c "import lief; print(lief.__version__)"' or check package manager

Check Version:

python -c "import lief; print(lief.__version__)"

Verify Fix Applied:

Verify version is 0.17.2 or higher and test with known malicious ELF files

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault logs from processes using LIEF
  • Abnormal process termination during ELF file processing

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Process termination events with exit code 139 (SIGSEGV) from applications known to use LIEF
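
The version check, the sandbox-parsing workaround and the exit-code-139 indicator above can be combined in one wrapper. This is an added example, not code from LIEF or from this advisory; `is_vulnerable`, `parse_isolated` and `CHILD` are hypothetical names. It assumes `lief.__version__` begins with `major.minor.patch`, and it gives process isolation only, so a container or sandbox would still wrap it.

```python
import re
import signal
import subprocess
import sys

FIXED = (0, 17, 2)  # patch version given in this advisory

def is_vulnerable(version: str) -> bool:
    """True if a LIEF version string is older than 0.17.2."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.groups()) < FIXED

# Code run in the throwaway interpreter: parse exactly one ELF path.
CHILD = "import sys, lief; lief.ELF.parse(sys.argv[1])"

def parse_isolated(path: str, child_code: str = CHILD, timeout: int = 30) -> str:
    """Parse in a child process so a parser crash cannot take down the caller."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_code, path],
            capture_output=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    rc = proc.returncode
    # POSIX: subprocess reports death by signal N as -N; a shell reports 128+N,
    # which is where exit code 139 for SIGSEGV (11) comes from.
    if rc in (-signal.SIGSEGV, 128 + signal.SIGSEGV):
        return "crash-sigsegv"
    if rc < 0:
        return "crash-signal"
    return "ok" if rc == 0 else "error"

if __name__ == "__main__":
    for elf in sys.argv[1:]:
        print(elf, parse_isolated(elf))
```

A `crash-sigsegv` result is the event to log and alert on; a monitor that sees the process through a shell will record the same crash as exit code 139.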
