Skip to main content

Suse EUVDEUVD-2026-19250

| CVE-2026-31053 MEDIUM
Double Free (CWE-415)
2026-04-06 cve@mitre.org GHSA-h848-fw25-hp2w
6.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 15:22 euvd
EUVD-2026-19250
Analysis Generated
Apr 06, 2026 - 15:22 vuln.today
CVE Published
Apr 06, 2026 - 15:17 nvd
MEDIUM 6.2

DescriptionCVE.org

A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.

AnalysisAI

Double free vulnerability in Rizin's LE binary format parser (librz/bin/format/le/le.c) allows local attackers to trigger heap corruption and denial of service by providing a specially crafted LE binary with circular or malformed fixup chains. The le_load_fixup_record() function improperly manages memory during error handling, freeing relocation entries multiple times. With CVSS 6.2 and local attack vector, this poses moderate risk to systems and automated analysis pipelines that process untrusted binaries without sandboxing.

Technical ContextAI

The vulnerability exists in Rizin's LE (Linear Executable) binary format parser, specifically in the le_load_fixup_record() function within librz/bin/format/le/le.c. The LE format is a DOS-era executable format that includes fixup records for relocation information. The root cause (CWE-415: Double Free) stems from improper memory lifecycle management during the parsing of fixup chains; when processing malformed or circular fixup chains, the code path executes multiple free() calls on the same heap-allocated relocation entry structure without proper state tracking or guards. This causes heap metadata corruption on systems using malloc implementations that track freed blocks, leading to crash or potential code execution depending on heap state. The vulnerability affects Rizin, a binary analysis framework and successor to the Radare2 project, which is widely used for reverse engineering, malware analysis, and binary instrumentation.

RemediationAI

Users should update Rizin to a patched version that includes the fix merged in pull request #5795 (https://github.com/rizinorg/rizin/pull/5795). The specific patched version number is not confirmed in the provided data; refer to the official Rizin releases page and the GitHub PR for exact version availability. As a workaround pending patching, restrict analysis of untrusted LE binaries and avoid processing files from untrusted sources in automated pipelines. Implement file-type whitelisting if LE binaries are not required for your use case. For users in continuous integration or malware analysis environments, consider running Rizin in a sandboxed or containerized environment with memory-protection features enabled.

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2026-19250 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy