Source: radare2 Version: 2.4.0+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/radare/radare2/issues/10294
Hi, The following vulnerability was published for radare2. CVE-2018-12322[0]: | There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in | libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-12322 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12322 [1] https://github.com/radare/radare2/issues/10294 [2] https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
