Source: radare2
Version: 6.1.6+ds-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for radare2.

CVE-2026-14757[0]:
| A vulnerability was determined in radareorg radare2 up to 6.1.6.
| This affects the function core_anal_bytes of the file
| libr/core/cmd_anal.inc. This manipulation causes integer overflow.
| The attack needs to be launched locally. The exploit has been
| publicly disclosed and may be utilized. It is suggested to install a
| patch to address this issue.


CVE-2026-14758[1]:
| A vulnerability was identified in radareorg radare2 up to 6.1.6.
| This vulnerability affects the function cmd_anal_opcode of the file
| libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such
| manipulation leads to integer overflow. The attack needs to be
| performed locally. The exploit is publicly available and might be
| used. The name of the patch is
| 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied
| to remediate this issue.


CVE-2026-14759[2]:
| A security flaw has been discovered in radareorg radare2 up to
| 6.1.6. This issue affects the function
| r_bin_java_inner_classes_attr_calc_size of the file
| shlr/java/class.c of the component RBinJava Line Number Table
| Parser. Performing a manipulation results in heap-based buffer
| overflow. The attack requires a local approach. The exploit has been
| released to the public and may be used for attacks. The patch is
| named cd62d15a6cbecdc67fd03f3ebdbbbeb741d18f87. To fix this issue,
| it is recommended to deploy a patch.


CVE-2026-14760[3]:
| A weakness has been identified in radareorg radare2 up to 6.1.6.
| Impacted is the function r_core_seek_arch_bits of the file
| libr/core/disasm.c of the component regprofile Handler. Executing a
| manipulation can lead to use after free. The attack requires local
| access. The exploit has been made available to the public and could
| be used for attacks. This patch is called
| 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to
| implement a patch to correct this issue.


CVE-2026-14761[4]:
| A security vulnerability has been detected in radareorg radare2 up
| to 6.1.6. The affected element is the function
| r_str_ndup/r_str_append of the file libr/util/str.c. The
| manipulation leads to integer overflow. An attack has to be
| approached locally. The exploit has been disclosed publicly and may
| be used. The identifier of the patch is
| a20a56917ae85d732e683f8d9078bdcfee92446c. Applying a patch is the
| recommended action to fix this issue.


CVE-2026-14786[5]:
| A security flaw has been discovered in radareorg radare2 up to
| 6.1.6. This impacts the function r_str_word_get0set of the file
| libr/util/str.c. The manipulation results in integer overflow. The
| attack must be initiated from a local position. The exploit has been
| released to the public and may be used for attacks. The patch is
| identified as 11ac224c0eb8d57830fccc99e1c1cd8e5d958813. It is best
| practice to apply a patch to resolve this issue.


CVE-2026-14787[6]:
| A weakness has been identified in radareorg radare2 up to 6.1.6.
| Affected is the function cmd_print in the library
| libr/core/cmd_print.inc of the component pb Print Command Handler.
| This manipulation causes integer overflow. The attack needs to be
| launched locally. The exploit has been made available to the public
| and could be used for attacks. Patch name:
| 2b6265476c75567006b0fcbb749f4ae7b189c5df. It is recommended to apply
| a patch to fix this issue.


CVE-2026-14788[7]:
| A security vulnerability has been detected in radareorg radare2 up
| to 6.1.6. Affected by this vulnerability is the function
| r_core_bin_load of the file libr/core/cfile.c. Such manipulation
| leads to use after free. The attack needs to be performed locally.
| The exploit has been disclosed publicly and may be used. The name of
| the patch is 635ab1eeb30340c26076722a90cb91fb2272130b. Applying a
| patch is advised to resolve this issue.


CVE-2026-14789[8]:
| A vulnerability was detected in radareorg radare2 up to 6.1.6.
| Affected by this issue is some unknown functionality of the file
| libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream
| Parser. Performing a manipulation results in stack-based buffer
| overflow. The attack requires a local approach. The exploit is now
| public and may be used. The patch is named
| 175d4addb68981331c85b10681c2161c38fb5762. It is suggested to install
| a patch to address this issue.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-14757
    https://www.cve.org/CVERecord?id=CVE-2026-14757
[1] https://security-tracker.debian.org/tracker/CVE-2026-14758
    https://www.cve.org/CVERecord?id=CVE-2026-14758
[2] https://security-tracker.debian.org/tracker/CVE-2026-14759
    https://www.cve.org/CVERecord?id=CVE-2026-14759
[3] https://security-tracker.debian.org/tracker/CVE-2026-14760
    https://www.cve.org/CVERecord?id=CVE-2026-14760
[4] https://security-tracker.debian.org/tracker/CVE-2026-14761
    https://www.cve.org/CVERecord?id=CVE-2026-14761
[5] https://security-tracker.debian.org/tracker/CVE-2026-14786
    https://www.cve.org/CVERecord?id=CVE-2026-14786
[6] https://security-tracker.debian.org/tracker/CVE-2026-14787
    https://www.cve.org/CVERecord?id=CVE-2026-14787
[7] https://security-tracker.debian.org/tracker/CVE-2026-14788
    https://www.cve.org/CVERecord?id=CVE-2026-14788
[8] https://security-tracker.debian.org/tracker/CVE-2026-14789
    https://www.cve.org/CVERecord?id=CVE-2026-14789

Regards,
Salvatore

Reply via email to